WP Live Chat Support - Version 8.0.31

Version Description

It is highly recommended that you upgrade to WP Live Chat Support version 8.0.30 for security reasons.


Release Info

Developer WP-LiveChat
Version 8.0.31

Code changes from version 8.0.30 to 8.0.31

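--- a/ajax.php
+++ b/ajax.php
@@ -1,5 +1,9 @@
 <?php
 
+if ( ! defined( 'ABSPATH' ) ) {
+exit;
+}
+
 add_action('wp_ajax_wplc_admin_long_poll', 'wplc_init_ajax_callback');
 add_action('wp_ajax_wplc_admin_long_poll_chat', 'wplc_init_ajax_callback');
 add_action('wp_ajax_wplc_admin_accept_chat', 'wplc_init_ajax_callback');
@@ -22,7 +26,6 @@ add_action('wp_ajax_wplc_get_chat_box', 'wplc_init_ajax_callback');
 add_action('wp_ajax_nopriv_wplc_get_chat_box', 'wplc_init_ajax_callback');
 
 function wplc_init_ajax_callback() {
-@ob_start();
 
 $wplc_session_id = rand(0,9).rand(0,9).rand(0,9).rand(0,9).rand(0,9).rand(0,9).rand(0,9);
 $check = is_user_logged_in() ? check_ajax_referer( 'wplc', 'security' ) : 1;
@@ -75,7 +78,7 @@ function wplc_init_ajax_callback() {
 if ($continue === true) {
 echo wplc_output_box_5100(sanitize_text_field($_POST['cid']));
 } else {
-echo $continue;
+echo boolval($continue);
 }
 die();
 }
@@ -107,7 +110,7 @@ function wplc_init_ajax_callback() {
 /* this is a new load of the page, return false so we can force a send of the new visitor data */
 $old_chat_data = false;
 } else {
-$old_chat_data = stripslashes($_POST['wplc_update_admin_chat_table']);
+$old_chat_data = sanitize_text_field(stripslashes($_POST['wplc_update_admin_chat_table']));
 }
 
 $pending = wplc_check_pending_chats();
@@ -129,7 +132,6 @@ function wplc_init_ajax_callback() {
 echo json_encode($array);
 break;
 }
-@ob_end_flush();
 if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
 $i++;
 }
@@ -137,7 +139,7 @@ function wplc_init_ajax_callback() {
 if($_POST['action'] == "wplc_admin_long_poll_chat"){
 if (defined('WPLC_TIMEOUT')) { @set_time_limit(WPLC_TIMEOUT); } else { @set_time_limit(120); }
 $i = 1;
-$cdata = wplc_get_chat_data($_POST['cid']);
+$cdata = wplc_get_chat_data(sanitize_text_field($_POST['cid']));
 $array = array();
 while($i <= $iterations){
 $array = apply_filters("wplc_filter_admin_long_poll_chat_loop_iteration",$array,$_POST,$i,$cdata);
@@ -145,7 +147,6 @@ function wplc_init_ajax_callback() {
 echo json_encode($array);
 break;
 }
-@ob_end_flush();
 if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
 $i++;
 }
@@ -160,7 +161,7 @@ function wplc_init_ajax_callback() {
 }
 if ($_POST['action'] == "wplc_admin_send_msg") {
 $chat_id = sanitize_text_field($_POST['cid']);
-$chat_msg = strip_tags($_POST['msg'], '<a><p><img><hr>');
+$chat_msg = wp_filter_post_kses(strip_tags($_POST['msg'], '<a><p><img><hr>'));
 $wplc_rec_msg = wplc_record_chat_msg("2",$chat_id,$chat_msg);
 if ($wplc_rec_msg) {
 echo 'sent';
@@ -298,7 +299,7 @@ function wplc_init_ajax_callback() {
 else if( intval( $new_status ) == 12){ // no answer from admin, for the second+ time.
 $array['data'] = wplc_return_no_answer_string(sanitize_text_field($_POST['cid']));
 $array['check'] = true;
-@do_action("wplc_hook_missed_chat",array("cid" => $_POST['cid'],"name" => $_POST['wplc_name'],"email" => $_POST['wplc_email']));
+@do_action("wplc_hook_missed_chat",array("cid" => sanitize_text_field($_POST['cid']),"name" => sanitize_text_field($_POST['wplc_name']),"email" => sanitize_email($_POST['wplc_email']) ));
 
 }
 
@@ -360,7 +361,7 @@ function wplc_init_ajax_callback() {
 $array['data'] = wplc_return_no_answer_string(sanitize_text_field($_POST['cid']));
 $array['check'] = true;
 wplc_update_user_on_page(sanitize_text_field($_POST['cid']), 12, sanitize_text_field($_POST['wplcsession']));
-@do_action("wplc_hook_missed_chat",array("cid" => $_POST['cid'],"name" => $_POST['wplc_name'],"email" => $_POST['wplc_email']));
+@do_action("wplc_hook_missed_chat",array("cid" => sanitize_text_field($_POST['cid']) ,"name" => sanitize_text_field($_POST['wplc_name']),"email" => sanitize_email($_POST['wplc_email']) ));
 
 }
 else if( intval( $new_status ) == 10 ) { // minimized active chat
@@ -395,7 +396,6 @@ function wplc_init_ajax_callback() {
 
 if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
 
-@ob_end_flush();
 }
 }
 
@@ -420,7 +420,7 @@ function wplc_init_ajax_callback() {
 
 if ($_POST['action'] == "wplc_user_send_msg") {
 $chat_id = sanitize_text_field($_POST['cid']);
-$chat_msg = strip_tags($_POST['msg'], '<p><a><img><hr>');
+$chat_msg = wp_filter_post_kses(strip_tags($_POST['msg'], '<p><a><img><hr>'));
 $wplc_rec_msg = wplc_record_chat_msg("1",$chat_id,$chat_msg);
 if ($wplc_rec_msg) {
 echo 'sent';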
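Review bot: `sanitize_text_field()` is a loose fit for `cid` in the `wplc_admin_long_poll_chat` branch: it strips tags and control characters but leaves quotes and arbitrary text in place, so the value is only safe inside `wplc_get_chat_data()` if that helper (not visible on this page) already uses a prepared query. Other code in this release treats `cid` as an integer (`intval($_POST['cid'])`), so I would cast at the boundary, `$cdata = wplc_get_chat_data(absint($_POST['cid']));`, and use the same cast for the `"cid"` entry in both `wplc_hook_missed_chat` calls. The raw `$_POST` array is still passed to the `wplc_filter_admin_long_poll_chat_loop_iteration` filter inside the loop, so callbacks there receive unsanitized input regardless of this change. `wplc_init_ajax_callback` starts and ends outside these hunks, so any validation done elsewhere in its body is not visible here.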
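--- a/config.php
+++ b/config.php
@@ -2,10 +2,15 @@
 /*
 * Define important constants
 */
-define('WPLC_PLUGIN_VERSION', "8.0.30");
+
+if ( ! defined( 'ABSPATH' ) ) {
+exit;
+}
+
+define('WPLC_PLUGIN_VERSION', "8.0.31");
 define('WPLC_PLUGIN_DIR', dirname(__FILE__));
 define('WPLC_PLUGIN_URL', plugins_url( '/', __FILE__ ) );
 define('WPLC_PLUGIN', plugin_basename( __FILE__ ) );
-define('WLPC_UPDATE_SERVER', 'https://update.wp-livechat.com' );
+define('WPLC_ACTIVATION_SERVER', 'https://activation.wp-livechat.com' ); // gets unique ID for using chat servers
 
 ?>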
functions.php CHANGED
@@ -1,5 +1,9 @@
1
  <?php
2
 
 
 
 
 
3
  function wplc_log_user_on_page($name,$email,$session, $is_mobile = false) {
4
  global $wpdb;
5
  global $wplc_tblname_chats;
@@ -592,9 +596,6 @@ function wplc_return_user_chat_messages($cid,$wplc_settings = false,$cdata = fal
592
 
593
  if (!$system_notification) {
594
  /* this is a normal message */
595
- if(function_exists('wplc_encrypt_decrypt_msg')){
596
- $msg = wplc_encrypt_decrypt_msg($msg);
597
- }
598
 
599
  $msg_array = maybe_unserialize( $msg );
600
 
@@ -606,7 +607,7 @@ function wplc_return_user_chat_messages($cid,$wplc_settings = false,$cdata = fal
606
 
607
  $msg = apply_filters("wplc_filter_message_control_out",$msg);
608
 
609
- $msg = stripslashes($msg);
610
 
611
  $msg_hist[$id]['msg'] = $msg;
612
  $msg_hist[$id]['originates'] = intval($result->originates);
@@ -779,7 +780,7 @@ function wplc_return_chat_messages($cid, $transcript = false, $html = true, $wpl
779
 
780
  $system_notification = true;
781
  $cuid = get_current_user_id();
782
- $is_agent = get_user_meta(esc_html( $cuid ), 'wplc_ma_agent', true);
783
  if ($is_agent && $result->originates == 3 ) {
784
  /* this user is an agent and the notification is meant for an agent, therefore display it */
785
  $display_notification = true;
@@ -800,10 +801,6 @@ function wplc_return_chat_messages($cid, $transcript = false, $html = true, $wpl
800
 
801
  if (!$system_notification) {
802
 
803
- if(function_exists('wplc_encrypt_decrypt_msg')){
804
- $msg = wplc_encrypt_decrypt_msg($msg);
805
- }
806
-
807
  $msg = apply_filters("wplc_filter_message_control_out",$msg);
808
 
809
  if( is_serialized( $msg ) ){
@@ -815,7 +812,7 @@ function wplc_return_chat_messages($cid, $transcript = false, $html = true, $wpl
815
  $msg = $msg;
816
  }
817
 
818
- $msg = stripslashes($msg);
819
  }
820
 
821
  if ( isset( $result->afrom ) && intval( $result->afrom ) > 0 ) {
@@ -1010,9 +1007,6 @@ function wplc_return_admin_chat_messages($cid) {
1010
 
1011
  if (!$system_notification) {
1012
  /* this is a normal message */
1013
- if(function_exists('wplc_encrypt_decrypt_msg')){
1014
- $msg = wplc_encrypt_decrypt_msg($msg);
1015
- }
1016
 
1017
  $msg_array = maybe_unserialize( $msg );
1018
 
@@ -1024,7 +1018,7 @@ function wplc_return_admin_chat_messages($cid) {
1024
 
1025
  $msg = apply_filters("wplc_filter_message_control_out",$msg);
1026
 
1027
- $msg = stripslashes($msg);
1028
 
1029
  $msg_hist[$id]['msg'] = $msg;
1030
  $msg_hist[$id]['originates'] = intval($result->originates);
@@ -1268,102 +1262,22 @@ function wplcmail($reply_to,$reply_to_name,$subject,$msg) {
1268
  }
1269
 
1270
  $email_address = explode(',', $email_address);
1271
-
1272
- if(get_option("wplc_mail_type") == "wp_mail" || !get_option('wplc_mail_type')){
1273
- $headers[] = 'Content-type: text/html';
1274
- $headers[] = 'Reply-To: '.$reply_to_name.'<'.$reply_to.'>';
1275
- if($email_address){
1276
- foreach($email_address as $email){
1277
- /* Send offline message to each email address */
1278
- $overbody = apply_filters("wplc_filter_mail_body",$subject,$msg);
1279
- if (!wp_mail($email, $subject, $overbody, $headers)) {
1280
- $error = date("Y-m-d H:i:s") . " WP-Mail Failed to send \n";
1281
- error_log($error);
1282
- }
1283
- }
1284
- }
1285
-
1286
- return;
1287
- } else {
1288
-
1289
-
1290
-
1291
- $wplc_settings = get_option("WPLC_SETTINGS");
1292
- $host = get_option('wplc_mail_host');
1293
- $port = get_option('wplc_mail_port');
1294
- $username = get_option("wplc_mail_username");
1295
- $password = get_option("wplc_mail_password");
1296
- if($host && $port && $username && $password){
1297
- //Create a new PHPMailer instance
1298
-
1299
- global $phpmailer;
1300
-
1301
- // (Re)create it, if it's gone missing
1302
- if ( ! ( $phpmailer instanceof PHPMailer ) ) {
1303
- require_once ABSPATH . WPINC . '/class-phpmailer.php';
1304
- require_once ABSPATH . WPINC . '/class-smtp.php';
1305
- $mail = new PHPMailer( true );
1306
- }
1307
-
1308
-
1309
- $mail->isSMTP();
1310
- //Enable SMTP debugging
1311
- // 0 = off (for production use)
1312
- // 1 = client messages
1313
- // 2 = client and server messages
1314
- $mail->SMTPDebug = 0;
1315
- //Ask for HTML-friendly debug output
1316
- $mail->Debugoutput = 'html';
1317
- //Set the hostname of the mail server
1318
- $mail->Host = $host;
1319
- //Set the SMTP port number - likely to be 25, 26, 465 or 587
1320
- $mail->Port = $port;
1321
- //Set the encryption system to use - ssl (deprecated) or tls
1322
- if($port == "587"){
1323
- $mail->SMTPSecure = 'tls';
1324
- } else if($port == "465"){
1325
- $mail->SMTPSecure = 'ssl';
1326
- }
1327
-
1328
- // Empty out the values that may be set
1329
- $mail->ClearAllRecipients();
1330
- $mail->ClearAttachments();
1331
- $mail->ClearCustomHeaders();
1332
- $mail->ClearReplyTos();
1333
-
1334
-
1335
- //Whether to use SMTP authentication
1336
- $mail->SMTPAuth = true;
1337
- //Username to use for SMTP authentication
1338
- $mail->Username = $username;
1339
- //Password to use for SMTP authentication
1340
- $mail->Password = $password;
1341
- //Set who the message is to be sent from
1342
- $mail->setFrom($reply_to, $reply_to_name);
1343
- //Set who the message is to be sent to
1344
- if($email_address){
1345
- foreach($email_address as $email){
1346
- $mail->addAddress($email);
1347
- }
1348
- }
1349
- //Set the subject line
1350
- $mail->Subject = $subject;
1351
- //Read an HTML message body from an external file, convert referenced images to embedded,
1352
- //convert HTML into a basic plain-text alternative body
1353
- $body = apply_filters("wplc_filter_mail_body",$subject,$msg);
1354
- $mail->msgHTML($body);
1355
- //Replace the plain text body with one created manually
1356
- $mail->AltBody = $msg;
1357
-
1358
-
1359
- //send the message, check for errors
1360
- if (!$mail->send()) {
1361
- $error = date("Y-m-d H:i:s")." ".$mail->ErrorInfo." \n";
1362
- error_log($error);
1363
  }
1364
- return;
1365
  }
1366
  }
 
 
 
1367
  }
1368
  /**
1369
  * Sends offline messages to the admin (normally via ajax)
@@ -1719,11 +1633,11 @@ function wplc_admin_display_missed_chats() {
1719
  $url3 = "?page=wplivechat-menu-missed-chats&wplc_action=remove_missed_cid&cid=" . $result->id;
1720
  $actions = "<a href='$url' class='button' title='".__('View Chat History', 'wplivechat')."' target='_BLANK' id=''><i class='fa fa-eye'></i></a> <a href='$url2' class='button' title='".__('Download Chat History', 'wplivechat')."' target='_BLANK' id=''><i class='fa fa-download'></i></a> <a href='$url3' class='button'><i class='fa fa-trash-o'></i></a>";
1721
 
1722
- echo "<tr id=\"record_" . $result->id . "\">";
1723
  echo "<td class='chat_id column-chat_d'>" . sanitize_text_field($result->timestamp) . "</td>";
1724
- echo "<td class='chat_name column_chat_name' id='chat_name_" . $result->id . "'><img src=\"//www.gravatar.com/avatar/" . md5($result->email) . "?s=30&d=mm\" class='wplc-user-message-avatar' /> " . sanitize_text_field($result->name) . "</td>";
1725
- echo "<td class='chat_email column_chat_email' id='chat_email_" . $result->id . "'><a href='mailto:" . sanitize_text_field($result->email) . "' title='Email " . ".$result->email." . "'>" . sanitize_text_field($result->email) . "</a></td>";
1726
- echo "<td class='chat_name column_chat_url' id='chat_url_" . $result->id . "'>" . esc_url($result->url) . "</td>";
1727
  echo "<td class='chat_name column_chat_url'>".$actions."</td>";
1728
  echo "</tr>";
1729
  }
@@ -2078,13 +1992,6 @@ function wplc_display_chat_contents(){
2078
  return $show_chat_contents;
2079
  }
2080
 
2081
-
2082
-
2083
- /*
2084
- * Extra functionality from previously PRO plugin
2085
- */
2086
-
2087
-
2088
  add_action("admin_init","wplc_control_logged_in_mrg");
2089
  function wplc_control_logged_in_mrg() {
2090
  $userid = get_current_user_id();
@@ -2133,22 +2040,6 @@ function wplc_advanced_access_manager_compatibility_mrg($query) {
2133
  $query->query_vars['role__not_in'] = array();
2134
  }
2135
 
2136
- add_action("init","wplc_mrg_load_updates");
2137
- function wplc_mrg_load_updates() {
2138
- if (function_exists("wplc_version_control")) {
2139
- if (!class_exists("wplc_update_control")) {
2140
- if (file_exists(WPLC_PLUGIN_DIR."/includes/update_control.class.php")) { @require_once(WPLC_PLUGIN_DIR."/includes/update_control.class.php"); }
2141
- }
2142
- if (class_exists("wplc_update_control")) {
2143
- $check_init = new wplc_update_control();
2144
- $check_init->set_slug("wp-live-chat-support");
2145
- $check_init->set_path(plugin_basename( __FILE__ ));
2146
- $check_init->set_title(__("WP Live Chat Support","wplivechat"));
2147
- $check_init->activate();
2148
- }
2149
- }
2150
- }
2151
-
2152
  add_action('init', 'wplc_mrg_version_control');
2153
 
2154
 
@@ -2311,8 +2202,8 @@ function wplc_quick_response_number_cb_mrg() {
2311
  echo '<input type="hidden" id="wplc_quick_response_number_noncename" name="wplc_quick_response_number_noncename" value="' . wp_create_nonce( plugin_basename( __FILE__ ) ) . '" />';
2312
 
2313
  $wplc_quick_response_number = get_post_meta( $post->ID, 'wplc_quick_response_number', true );
2314
- $wplc_quick_response_number = isset( $wplc_quick_response_number ) && '' !== $wplc_quick_response_number ? esc_attr( $wplc_quick_response_number ) : '1';
2315
- echo '<input type="number" id="wplc_quick_response_number" name="wplc_quick_response_number" min="1" value="' . esc_attr( $wplc_quick_response_number ) . '" />';
2316
  }
2317
 
2318
  add_action( 'save_post', 'wplc_quick_response_number_save_mrg', 1, 2 );
@@ -2329,7 +2220,7 @@ function wplc_quick_response_number_save_mrg( $post_id, $post ) {
2329
  return;
2330
  }
2331
 
2332
- update_post_meta( $post->ID, 'wplc_quick_response_number', esc_attr( $_POST['wplc_quick_response_number'] ) );
2333
 
2334
  return $post->ID;
2335
  }
@@ -2354,7 +2245,7 @@ function wplc_quick_response_manage_number_column_mrg( $column, $post_id ) {
2354
  switch ( $column ) {
2355
  case 'number':
2356
  $wplc_quick_response_number = get_post_meta( $post_id, 'wplc_quick_response_number', true );
2357
- echo ( empty( $wplc_quick_response_number ) ) ? '1' : esc_attr( $wplc_quick_response_number );
2358
  break;
2359
  default:
2360
  break;
@@ -2380,8 +2271,8 @@ add_action("wplc_hook_admin_below_chat_box","wplc_hook_control_admin_below_chat_
2380
  function wplc_hook_control_admin_below_chat_box($result) {
2381
  if ($result->status == 3) {
2382
  $wplc_settings = get_option( 'WPLC_SETTINGS' );
2383
- $wplc_quick_response_order_by = isset( $wplc_settings['wplc_quick_response_orderby'] ) ? esc_attr( $wplc_settings['wplc_quick_response_orderby'] ) : 'title';
2384
- $wplc_quick_response_order = isset( $wplc_settings['wplc_quick_response_order'] ) ? esc_attr( $wplc_settings['wplc_quick_response_order'] ) : 'DESC';
2385
  echo "<div class='admin_chat_quick_controls'>";
2386
  echo " <p style=\"text-align:left; font-size:11px;\">Press ENTER to send your message</p>";
2387
  echo wplc_return_macros_mrg( 0, $wplc_quick_response_order_by, $wplc_quick_response_order );
@@ -2604,7 +2495,7 @@ if (!function_exists("wplc_acbc_filter_control_live_chat_box_above_main_div")) {
2604
 
2605
  if (!empty($wplc_acbc_data['wplc_chat_logo'])) {
2606
  $ret_msg .= "<div id=\"wplc_logo\">";
2607
- $ret_msg .= " <img class=\"wplc_logo_class\" src=\"".urldecode(stripslashes($wplc_acbc_data['wplc_chat_logo']))."\" style=\"display:block; margin-bottom:5px; margin-left:auto; margin-right:auto;\" alt=\"".get_bloginfo('name')."\" title=\"".get_bloginfo('name')."\" />";
2608
  $ret_msg .= "</div>";
2609
  }
2610
  return $ret_msg;
@@ -2619,7 +2510,7 @@ if (!function_exists("wplc_acbc_filter_control_chat_header_under")) {
2619
  if ($wplc_acbc_data['wplc_chat_pic']) {
2620
  $ret_msg .= "<div id=\"wp-live-chat-image\">";
2621
  $ret_msg .= "<div id=\"wp-live-chat-inner-image-div\">";
2622
- $ret_msg .= "<img src=\"".urldecode($wplc_acbc_data['wplc_chat_pic'])."\" width=\"40px\"/>";
2623
  $ret_msg .= "</div>";
2624
  $ret_msg .= "</div>";
2625
 
@@ -2793,7 +2684,7 @@ if (!function_exists("wplc_choose_hook_control_action_callback")) {
2793
 
2794
  if ($_POST['action'] == "wplc_typing") {
2795
  if (isset($_POST['cid']) && isset($_POST['user']) && isset($_POST['type'])) {
2796
- echo wplc_typing_mrg($_POST['user'], intval($_POST['cid']), sanitize_text_field($_POST['type']));
2797
  }
2798
  }
2799
 
@@ -2814,12 +2705,12 @@ if (!function_exists("wplc_choose_hook_control_action_callback")) {
2814
  }
2815
 
2816
  if (isset($_FILES['file']) && isset($_POST['timestamp'])) {
2817
- $file_name = strtolower( esc_attr($_FILES['file']['name']) );
2818
  $file_name = basename($file_name); //This prevents traversal
2819
 
2820
  if(!wplc_check_file_name_for_unsafe_extension($file_name)) {
2821
  if(wplc_check_file_name_for_safe_extension($file_name)) {
2822
- if( file_exists( realpath($user_dirname . "/wp_live_chat/" . $cid . "/" . esc_attr($_FILES['file']['name']) ) ) ) {
2823
  $file_name = rand(0, 10) . "-" . $file_name;
2824
  }
2825
 
@@ -2909,8 +2800,8 @@ if (!function_exists("wplc_choose_admin_scripts")) {
2909
  if (isset($choose_array[$wplc_current_user_id]) && $choose_array[$wplc_current_user_id]) {
2910
  /* user is online */
2911
  wp_localize_script('wplc-choose-script', 'wplc_choose_accept_chats', '1');
2912
- wp_localize_script('wplc-choose-script', 'wplc_localized_offline_string', ' ');
2913
- wp_localize_script('wplc-choose-script', 'wplc_localized_quote_string', ' ');
2914
 
2915
  } else {
2916
  wp_localize_script('wplc-choose-script', 'wplc_choose_accept_chats', '0');
@@ -2958,45 +2849,6 @@ if (!function_exists("wplc_choose_hook_control_head")) {
2958
  }
2959
 
2960
 
2961
-
2962
-
2963
-
2964
-
2965
-
2966
- /**
2967
- * Encrypt the message via the filter
2968
- * @param string $msg The message
2969
- * @return string
2970
- * @since 1.0.00
2971
- * @author Nick Duncan <nick@wp-livechat.com>
2972
- */
2973
- if (!function_exists("wplc_encrypt_filter_control_message_control")) {
2974
- add_filter("wplc_filter_message_control","wplc_encrypt_filter_control_message_control",10,1);
2975
- function wplc_encrypt_filter_control_message_control($msg) {
2976
- $msg = wplc_encrypt_encrypt_msg($msg);
2977
- return $msg;
2978
- }
2979
- }
2980
-
2981
-
2982
-
2983
-
2984
- /**
2985
- * Decrypt the message via the filter
2986
- * @param string $msg The message
2987
- * @return string
2988
- * @since 1.0.00
2989
- * @author Nick Duncan <nick@wp-livechat.com>
2990
- */
2991
- if (!function_exists("wplc_encrypt_filter_control_out_message_control")) {
2992
- add_filter("wplc_filter_message_control_out","wplc_encrypt_filter_control_out_message_control",10,1);
2993
- function wplc_encrypt_filter_control_out_message_control($msg) {
2994
- $msg = wplc_encrypt_decrypt_msg($msg);
2995
- return $msg;
2996
- }
2997
- }
2998
-
2999
-
3000
  /**
3001
  * Add to the tabs filter
3002
  * @return void
@@ -3004,15 +2856,9 @@ if (!function_exists("wplc_encrypt_filter_control_out_message_control")) {
3004
  * @author Nick Duncan <nick@wp-livechat.com>
3005
  */
3006
 
3007
- if (!function_exists("wplc_encrypt_filter_control_setting_tabs")) {
3008
- add_filter("wplc_filter_setting_tabs","wplc_encrypt_filter_control_setting_tabs");
3009
- function wplc_encrypt_filter_control_setting_tabs($tab_array) {
3010
- $tab_array[9] = array(
3011
- "href" => "#tabs-9",
3012
- "icon" => 'fa fa-lock',
3013
- "label" => __("Encryption","wplivechat")
3014
- );
3015
-
3016
  $tab_array['business-hours'] = array(
3017
  'href' => '#wplc-business-hours',
3018
  'icon' => 'fa fa-clock-o',
@@ -3024,156 +2870,6 @@ if (!function_exists("wplc_encrypt_filter_control_setting_tabs")) {
3024
  }
3025
 
3026
 
3027
- /**
3028
- * Encrypt the message
3029
- * @since 1.0.0
3030
- * @return void
3031
- * @author Jarryd Long <jarryd@wp-livechat.com>
3032
- */
3033
- if (!function_exists("wplc_encrypt_encrypt_msg")) {
3034
- function wplc_encrypt_encrypt_msg($plaintext){
3035
-
3036
- $wplc_encrypt_data = get_option("WPLC_ENCRYPT_SETTINGS");
3037
- if(isset($wplc_encrypt_data['wplc_enable_encryption']) && intval($wplc_encrypt_data['wplc_enable_encryption']) == 1){
3038
-
3039
- $encrypted_salt = get_option( "wp-live-chat-support-pro_key" );
3040
- $api_key = get_option('wplc_api_key');
3041
-
3042
- if( $api_key != '' ){
3043
- /**
3044
- * Use the current API key and don't change anything
3045
- */
3046
- $api_key = $api_key;
3047
- } else {
3048
- /**
3049
- * It's empty so lets fix this
3050
- */
3051
- if( $encrypted_salt != '' ){
3052
-
3053
- $api_key = $encrypted_salt;
3054
-
3055
- } else {
3056
-
3057
- $api_key = '';
3058
-
3059
- }
3060
- }
3061
- if($api_key != ''){
3062
- $api_key = substr($api_key, 0, 10);
3063
-
3064
- $plaintext_utf8 = utf8_encode($plaintext);
3065
- $inputData = cryptoHelpers::convertStringToByteArray($plaintext);
3066
- $keyAsNumbers = cryptoHelpers::toNumbers(bin2hex($api_key));
3067
- $keyLength = count($keyAsNumbers);
3068
- $iv = cryptoHelpers::generateSharedKey(16);
3069
-
3070
- $encrypted = AES::encrypt(
3071
- $inputData,
3072
- AES::modeOfOperation_CBC,
3073
- $keyAsNumbers,
3074
- $keyLength,
3075
- $iv
3076
- );
3077
-
3078
- $retVal = $encrypted['originalsize'] . " "
3079
- . cryptoHelpers::toHex($iv) . " "
3080
- . cryptoHelpers::toHex($encrypted['cipher']);
3081
-
3082
- $message = array(
3083
- 'e' => 1,
3084
- 'm' => $retVal
3085
- );
3086
- return maybe_serialize($message);
3087
- } else {
3088
- $message = array(
3089
- 'e' => 0,
3090
- 'm' => $plaintext
3091
- );
3092
- return maybe_serialize($message);
3093
- }
3094
- } else {
3095
- $message = array(
3096
- 'e' => 0,
3097
- 'm' => $plaintext
3098
- );
3099
- return maybe_serialize($message);
3100
- }
3101
- }
3102
- }
3103
-
3104
-
3105
- /**
3106
- * Decrypt the message
3107
- * @since 1.0.0
3108
- * @return void
3109
- * @author Jarryd Long <jarryd@wp-livechat.com>
3110
- */
3111
- if (!function_exists("wplc_encrypt_decrypt_msg")) {
3112
- function wplc_encrypt_decrypt_msg($input){
3113
-
3114
- $messages = maybe_unserialize($input);
3115
-
3116
-
3117
- if(is_array($messages)){
3118
- if($messages['e'] == 1){
3119
- /* This message was encrypted */
3120
- $encrypted_salt = get_option( "wp-live-chat-support-pro_key" );
3121
- $api_key = get_option('wplc_api_key');
3122
-
3123
- if( $api_key != '' ){
3124
- /**
3125
- * Use the current API key and don't change anything
3126
- */
3127
- $api_key = $api_key;
3128
- } else {
3129
- /**
3130
- * It's empty so lets fix this
3131
- */
3132
- if( $encrypted_salt != '' ){
3133
-
3134
- $api_key = $encrypted_salt;
3135
-
3136
- } else {
3137
-
3138
- $api_key = '';
3139
-
3140
- }
3141
- }
3142
-
3143
- $api_key = substr($api_key, 0, 10);
3144
- $cipherSplit = explode( " ", $messages['m']);
3145
- $originalSize = intval($cipherSplit[0]);
3146
- $iv = cryptoHelpers::toNumbers($cipherSplit[1]);
3147
- $cipherText = $cipherSplit[2];
3148
-
3149
- $cipherIn = cryptoHelpers::toNumbers($cipherText);
3150
- $keyAsNumbers = cryptoHelpers::toNumbers(bin2hex($api_key));
3151
- $keyLength = count($keyAsNumbers);
3152
-
3153
- $decrypted = AES::decrypt(
3154
- $cipherIn,
3155
- $originalSize,
3156
- AES::modeOfOperation_CBC,
3157
- $keyAsNumbers,
3158
- $keyLength,
3159
- $iv
3160
- );
3161
-
3162
- $hexDecrypted = cryptoHelpers::toHex($decrypted);
3163
- $retVal = pack("H*" , $hexDecrypted);
3164
-
3165
- return stripslashes($retVal);
3166
- } else {
3167
- return stripslashes($messages['m']);
3168
- }
3169
- } else{
3170
- return stripslashes($input);
3171
- }
3172
- }
3173
-
3174
- }
3175
-
3176
-
3177
 
3178
  if (!function_exists("wplc_inex_filter_control_display_contents")) {
3179
  add_filter("wplc_filter_display_contents","wplc_inex_filter_control_display_contents",1);
@@ -3315,7 +3011,7 @@ if (!function_exists("wplc_ic_filter_control_admin_javascript")) {
3315
  if (!function_exists("wplc_ic_check_if_user_is_agent")) {
3316
  function wplc_ic_check_if_user_is_agent(){
3317
  $user_id = get_current_user_id();
3318
- if (esc_attr(get_the_author_meta('wplc_ma_agent', $user_id ) ) == "1"){
3319
  return $user_id;
3320
  } else {
3321
  return "not_user_agent";
@@ -3547,7 +3243,7 @@ if (!function_exists("wplc_maa_update_agent_id")) {
3547
  if (!function_exists("wplc_maa_check_if_user_is_agent")) {
3548
  function wplc_maa_check_if_user_is_agent(){
3549
  $user_id = get_current_user_id();
3550
- if (esc_attr(get_the_author_meta('wplc_ma_agent', $user_id ) ) == "1"){
3551
  return $user_id;
3552
  } else {
3553
  return "not_user_agent";
@@ -3579,7 +3275,8 @@ if (!function_exists("wplc_hook_control_ma_check_if_answered_by_another_agent"))
3579
  global $wpdb;
3580
  global $wplc_tblname_chats;
3581
  $cid = intval($cid);
3582
- $sql = "SELECT * FROM `$wplc_tblname_chats` WHERE `id` = '".$cid."'";
 
3583
  $result = $wpdb->get_row($sql);
3584
  if(intval($result->agent_id) == intval($aid)){
3585
  return false;
@@ -3656,7 +3353,7 @@ if (!function_exists("wplc_maa_set_user_as_agent")) {
3656
  if ( current_user_can( 'manage_options' ) ) {
3657
 
3658
  if(isset($_POST['wplc_ma_agent'])){
3659
- update_user_meta( $user_id, 'wplc_ma_agent', $_POST['wplc_ma_agent']);
3660
  } else {
3661
  delete_user_meta( $user_id, 'wplc_ma_agent');
3662
  }
@@ -3699,7 +3396,7 @@ if (!function_exists("wplc_maa_custom_user_profile_fields")) {
3699
  </th>
3700
  <td>
3701
  <label for="wplc_ma_agent">
3702
- <input name="wplc_ma_agent" type="checkbox" id="wplc_ma_agent" value="1" <?php if (esc_attr( get_the_author_meta( 'wplc_ma_agent', $user->ID ) ) == "1") { echo "checked=\"checked\""; } ?>>
3703
  <?php _e("Make this user a chat agent","wplivechat"); ?></label>
3704
  </td>
3705
  </tr>
@@ -3715,7 +3412,7 @@ if (!function_exists("wplc_maa_custom_user_profile_fields")) {
3715
  </th>
3716
  <td>
3717
  <label for="wplc_ma_agent">
3718
- <input name="wplc_ma_agent" type="checkbox" id="wplc_ma_agent" value="1" <?php if (esc_attr( get_the_author_meta( 'wplc_ma_agent', $user->ID ) ) == "1") { echo "checked=\"checked\""; } ?>>
3719
  <?php _e("Make this user a chat agent","wplivechat"); ?></label>
3720
  </td>
3721
  </tr>
@@ -4225,7 +3922,7 @@ if (!function_exists("wplc_ma_hook_control_action_callback")) {
4225
  function wplc_ma_hook_control_set_transient() {
4226
  $should_set_transient = apply_filters("wplc_filter_control_set_transient",true);
4227
  if ($should_set_transient) {
4228
- if (isset($_POST['user_id'])) { $user_id = $_POST['user_id']; } else { $user_id = get_current_user_id(); }
4229
  wplc_maa_set_agents_online($user_id);
4230
  }
4231
  remove_action("wplc_hook_set_transient","wplc_hook_control_set_transient");
@@ -4237,7 +3934,7 @@ if (!function_exists("wplc_ma_hook_control_action_callback")) {
4237
  if (!function_exists("wplc_ma_hook_control_remove_transient")) {
4238
  add_action("wplc_hook_remove_transient","wplc_ma_hook_control_remove_transient",9);
4239
  function wplc_ma_hook_control_remove_transient() {
4240
- wplc_maa_remove_agents_online($_POST['user_id']);
4241
  remove_action("wplc_hook_remove_transient","wplc_hook_control_remove_transient");
4242
  }
4243
  }
@@ -4277,7 +3974,7 @@ if (!function_exists("wplc_ma_hook_control_action_callback")) {
4277
 
4278
  if ($_POST['action'] == "wplc_macro") {
4279
  if (isset($_POST['postid'])) {
4280
- $post_id = $_POST['postid'];
4281
  } else {
4282
  return false;
4283
  }
@@ -4331,7 +4028,7 @@ if (!function_exists("wplc_ma_hook_control_action_callback")) {
4331
  if (!function_exists("wplc_maa_set_agents_online")) {
4332
  function wplc_maa_set_agents_online($user_id){
4333
 
4334
- if (esc_attr( get_the_author_meta( 'wplc_ma_agent', $user_id ) ) == "1"){
4335
 
4336
  update_user_meta($user_id, "wplc_chat_agent_online", time());
4337
  }
@@ -4441,7 +4138,7 @@ function nifty_record_rating_mrg($cid, $rating, $comment){
4441
  //Cleanup here
4442
  $cid = intval($cid);
4443
  $rating = intval($rating);
4444
- $comment = esc_attr($comment);
4445
 
4446
  if(nifty_chat_has_rating_mrg($cid)){ //Update
4447
  $sql = "UPDATE $wplc_tblname_chat_ratings SET `aid` = '%d', `rating` = '%d', `comment` = '%s', `timestamp` = '%s', `notified` = 0 WHERE `cid` = '%d' LIMIT 1";
@@ -4922,13 +4619,13 @@ function wplc_add_js_admin_chat_area_control_mrg($cid, $chat_data = false){
4922
 
4923
  ?>
4924
  <script>
4925
- var wplc_name_override = "<?php echo $tname; ?>";
4926
  </script>
4927
  <?php
4928
  } else if(isset($acbc_settings['wplc_chat_name'])){
4929
  ?>
4930
  <script>
4931
- var wplc_name_override = "<?php echo stripslashes($acbc_settings['wplc_chat_name']) ?>";
4932
  </script>
4933
  <?php
4934
  }
@@ -5002,79 +4699,15 @@ function wplc_offline_message_autoresponder_mrg( $data ){
5002
  /**
5003
  * Using contents of wplcmail function as we need additional functionality for this
5004
  */
5005
- if(get_option("wplc_mail_type") == "wp_mail" || !get_option('wplc_mail_type')){
5006
- $headers[] = 'Content-type: text/html';
5007
- $headers[] = 'Reply-To: '.$wplc_ar_from_name.'<'.$wplc_ar_from_email.'>';
5008
- $overbody = apply_filters("wplc_filter_mail_body",$wplc_ar_subject, htmlspecialchars_decode(stripslashes( $wplc_ar_body ) ) );
5009
- if (!wp_mail($wplc_user_email, $wplc_ar_subject, $overbody, $headers)) {
5010
- $error = date("Y-m-d H:i:s") . " WP-Mail Failed to send \n";
5011
- error_log($error);
5012
- }
5013
- return;
5014
- } else {
5015
-
5016
- global $phpmailer;
5017
-
5018
- // (Re)create it, if it's gone missing
5019
- if ( ! ( $phpmailer instanceof PHPMailer ) ) {
5020
- require_once ABSPATH . WPINC . '/class-phpmailer.php';
5021
- require_once ABSPATH . WPINC . '/class-smtp.php';
5022
- $mail = new PHPMailer( true );
5023
- }
5024
-
5025
-
5026
- $host = get_option('wplc_mail_host');
5027
- $port = get_option('wplc_mail_port');
5028
- $username = get_option("wplc_mail_username");
5029
- $password = get_option("wplc_mail_password");
5030
- if($host && $port && $username && $password){
5031
-
5032
- $mail->isSMTP();
5033
- //Enable SMTP debugging
5034
- // 0 = off (for production use)
5035
- // 1 = client messages
5036
- // 2 = client and server messages
5037
- $mail->SMTPDebug = 0;
5038
- //Ask for HTML-friendly debug output
5039
- $mail->Debugoutput = 'html';
5040
- //Set the hostname of the mail server
5041
- $mail->Host = $host;
5042
- //Set the SMTP port number - likely to be 25, 26, 465 or 587
5043
- $mail->Port = $port;
5044
- //Set the encryption system to use - ssl (deprecated) or tls
5045
- if($port == "587"){
5046
- $mail->SMTPSecure = 'tls';
5047
- } else if($port == "465"){
5048
- $mail->SMTPSecure = 'ssl';
5049
- }
5050
- //Whether to use SMTP authentication
5051
- $mail->SMTPAuth = true;
5052
- //Username to use for SMTP authentication
5053
- $mail->Username = $username;
5054
- //Password to use for SMTP authentication
5055
- $mail->Password = $password;
5056
- //Set who the message is to be sent from
5057
- $mail->setFrom($wplc_ar_from_email, $wplc_ar_from_name);
5058
- //Set who the message is to be sent to
5059
- $mail->addAddress($wplc_user_email);
5060
- //Set the subject line
5061
- $mail->Subject = $wplc_ar_subject;
5062
- //HTML will render
5063
- $mail->isHTML(true);
5064
- //Read an HTML message body from an external file, convert referenced images to embedded,
5065
- //convert HTML into a basic plain-text alternative body
5066
- $body = apply_filters("wplc_filter_mail_body",$wplc_ar_subject, htmlspecialchars_decode(stripslashes( $wplc_ar_body ) ) );
5067
- $mail->msgHTML($body);
5068
- //Replace the plain text body with one created manually
5069
- $mail->AltBody = $msg;
5070
- //send the message, check for errors
5071
- if (!$mail->send()) {
5072
- $error = date("Y-m-d H:i:s")." ".$mail->ErrorInfo." \n";
5073
- error_log($error);
5074
- }
5075
- return;
5076
- }
5077
- }
5078
  }
5079
 
5080
  }
@@ -5085,11 +4718,11 @@ function wplc_auto_responder_settings_mrg(){
5085
 
5086
  if (isset($_POST['wplc_save_settings'])) {
5087
  $wplc_data = array();
5088
- if (isset($_POST['wplc_ar_enable'])) { $wplc_data['wplc_ar_enable'] = esc_attr($_POST['wplc_ar_enable']); }
5089
- if (isset($_POST['wplc_ar_from_name'])) { $wplc_data['wplc_ar_from_name'] = esc_attr($_POST['wplc_ar_from_name']); }
5090
- if (isset($_POST['wplc_ar_from_email'])) { $wplc_data['wplc_ar_from_email'] = esc_attr($_POST['wplc_ar_from_email']); }
5091
- if (isset($_POST['wplc_ar_subject'])) { $wplc_data['wplc_ar_subject'] = esc_attr($_POST['wplc_ar_subject']); }
5092
- if (isset($_POST['wplc_ar_body'])) { $wplc_data['wplc_ar_body'] = esc_attr($_POST['wplc_ar_body']); }
5093
 
5094
  update_option( "WPLC_AUTO_RESPONDER_SETTINGS", $wplc_data );
5095
 
@@ -5498,7 +5131,7 @@ function wplc_check_file_mime_type($filepath){
5498
  } else if(class_exists('finfo')){
5499
  $result = new finfo();
5500
  if (is_resource($result) === true) {
5501
- $mime = $result->file($filepath, FILEINFO_MIME_TYPE);
5502
  }
5503
  }
5504
 
1
  <?php
2
 
3
+ if ( ! defined( 'ABSPATH' ) ) {
4
+ exit;
5
+ }
6
+
7
  function wplc_log_user_on_page($name,$email,$session, $is_mobile = false) {
8
  global $wpdb;
9
  global $wplc_tblname_chats;
596
 
597
  if (!$system_notification) {
598
  /* this is a normal message */
 
 
 
599
 
600
  $msg_array = maybe_unserialize( $msg );
601
 
607
 
608
  $msg = apply_filters("wplc_filter_message_control_out",$msg);
609
 
610
+ $msg = sanitize_text_field(stripslashes($msg));
611
 
612
  $msg_hist[$id]['msg'] = $msg;
613
  $msg_hist[$id]['originates'] = intval($result->originates);
780
 
781
  $system_notification = true;
782
  $cuid = get_current_user_id();
783
+ $is_agent = get_user_meta(intval( $cuid ), 'wplc_ma_agent', true);
784
  if ($is_agent && $result->originates == 3 ) {
785
  /* this user is an agent and the notification is meant for an agent, therefore display it */
786
  $display_notification = true;
801
 
802
  if (!$system_notification) {
803
 
 
 
 
 
804
  $msg = apply_filters("wplc_filter_message_control_out",$msg);
805
 
806
  if( is_serialized( $msg ) ){
812
  $msg = $msg;
813
  }
814
 
815
+ $msg = sanitize_text_field(stripslashes($msg));
816
  }
817
 
818
  if ( isset( $result->afrom ) && intval( $result->afrom ) > 0 ) {
1007
 
1008
  if (!$system_notification) {
1009
  /* this is a normal message */
 
 
 
1010
 
1011
  $msg_array = maybe_unserialize( $msg );
1012
 
1018
 
1019
  $msg = apply_filters("wplc_filter_message_control_out",$msg);
1020
 
1021
+ $msg = sanitize_text_field(stripslashes($msg));
1022
 
1023
  $msg_hist[$id]['msg'] = $msg;
1024
  $msg_hist[$id]['originates'] = intval($result->originates);
1262
  }
1263
 
1264
  $email_address = explode(',', $email_address);
1265
+
1266
+ $headers[] = 'Content-type: text/html';
1267
+ $headers[] = 'Reply-To: '.$reply_to_name.'<'.$reply_to.'>';
1268
+ if($email_address){
1269
+ foreach($email_address as $email){
1270
+ /* Send offline message to each email address */
1271
+ $overbody = apply_filters("wplc_filter_mail_body",$subject,$msg);
1272
+ if (!wp_mail($email, $subject, $overbody, $headers)) {
1273
+ $error = date("Y-m-d H:i:s") . " WP-Mail Failed to send \n";
1274
+ error_log($error);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1275
  }
 
1276
  }
1277
  }
1278
+
1279
+ return;
1280
+
1281
  }
1282
  /**
1283
  * Sends offline messages to the admin (normally via ajax)
1633
  $url3 = "?page=wplivechat-menu-missed-chats&wplc_action=remove_missed_cid&cid=" . $result->id;
1634
  $actions = "<a href='$url' class='button' title='".__('View Chat History', 'wplivechat')."' target='_BLANK' id=''><i class='fa fa-eye'></i></a> <a href='$url2' class='button' title='".__('Download Chat History', 'wplivechat')."' target='_BLANK' id=''><i class='fa fa-download'></i></a> <a href='$url3' class='button'><i class='fa fa-trash-o'></i></a>";
1635
 
1636
+ echo "<tr id=\"record_" . intval($result->id) . "\">";
1637
  echo "<td class='chat_id column-chat_d'>" . sanitize_text_field($result->timestamp) . "</td>";
1638
+ echo "<td class='chat_name column_chat_name' id='chat_name_" . intval($result->id) . "'><img src=\"//www.gravatar.com/avatar/" . md5($result->email) . "?s=30&d=mm\" class='wplc-user-message-avatar' /> " . sanitize_text_field($result->name) . "</td>";
1639
+ echo "<td class='chat_email column_chat_email' id='chat_email_" . intval($result->id) . "'><a href='mailto:" . sanitize_text_field($result->email) . "' title='Email " . ".$result->email." . "'>" . sanitize_text_field($result->email) . "</a></td>";
1640
+ echo "<td class='chat_name column_chat_url' id='chat_url_" . intval($result->id) . "'>" . esc_url($result->url) . "</td>";
1641
  echo "<td class='chat_name column_chat_url'>".$actions."</td>";
1642
  echo "</tr>";
1643
  }
1992
  return $show_chat_contents;
1993
  }
1994
 
 
 
 
 
 
 
 
1995
  add_action("admin_init","wplc_control_logged_in_mrg");
1996
  function wplc_control_logged_in_mrg() {
1997
  $userid = get_current_user_id();
2040
  $query->query_vars['role__not_in'] = array();
2041
  }
2042
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2043
  add_action('init', 'wplc_mrg_version_control');
2044
 
2045
 
2202
  echo '<input type="hidden" id="wplc_quick_response_number_noncename" name="wplc_quick_response_number_noncename" value="' . wp_create_nonce( plugin_basename( __FILE__ ) ) . '" />';
2203
 
2204
  $wplc_quick_response_number = get_post_meta( $post->ID, 'wplc_quick_response_number', true );
2205
+ $wplc_quick_response_number = isset( $wplc_quick_response_number ) && '' !== $wplc_quick_response_number ? intval( $wplc_quick_response_number ) : 1;
2206
+ echo '<input type="number" id="wplc_quick_response_number" name="wplc_quick_response_number" min="1" value="' . intval( $wplc_quick_response_number ) . '" />';
2207
  }
2208
 
2209
  add_action( 'save_post', 'wplc_quick_response_number_save_mrg', 1, 2 );
2220
  return;
2221
  }
2222
 
2223
+ update_post_meta( $post->ID, 'wplc_quick_response_number', intval( $_POST['wplc_quick_response_number'] ) );
2224
 
2225
  return $post->ID;
2226
  }
2245
  switch ( $column ) {
2246
  case 'number':
2247
  $wplc_quick_response_number = get_post_meta( $post_id, 'wplc_quick_response_number', true );
2248
+ echo ( empty( $wplc_quick_response_number ) ) ? 1 : intval( $wplc_quick_response_number );
2249
  break;
2250
  default:
2251
  break;
2271
  function wplc_hook_control_admin_below_chat_box($result) {
2272
  if ($result->status == 3) {
2273
  $wplc_settings = get_option( 'WPLC_SETTINGS' );
2274
+ $wplc_quick_response_order_by = isset( $wplc_settings['wplc_quick_response_orderby'] ) ? sanitize_text_field( $wplc_settings['wplc_quick_response_orderby'] ) : 'title';
2275
+ $wplc_quick_response_order = isset( $wplc_settings['wplc_quick_response_order'] ) ? sanitize_text_field( $wplc_settings['wplc_quick_response_order'] ) : 'DESC';
2276
  echo "<div class='admin_chat_quick_controls'>";
2277
  echo " <p style=\"text-align:left; font-size:11px;\">Press ENTER to send your message</p>";
2278
  echo wplc_return_macros_mrg( 0, $wplc_quick_response_order_by, $wplc_quick_response_order );
2495
 
2496
  if (!empty($wplc_acbc_data['wplc_chat_logo'])) {
2497
  $ret_msg .= "<div id=\"wplc_logo\">";
2498
+ $ret_msg .= " <img class=\"wplc_logo_class\" src=\"".urldecode(sanitize_text_field(stripslashes($wplc_acbc_data['wplc_chat_logo'])))."\" style=\"display:block; margin-bottom:5px; margin-left:auto; margin-right:auto;\" alt=\"".get_bloginfo('name')."\" title=\"".get_bloginfo('name')."\" />";
2499
  $ret_msg .= "</div>";
2500
  }
2501
  return $ret_msg;
2510
  if ($wplc_acbc_data['wplc_chat_pic']) {
2511
  $ret_msg .= "<div id=\"wp-live-chat-image\">";
2512
  $ret_msg .= "<div id=\"wp-live-chat-inner-image-div\">";
2513
+ $ret_msg .= "<img src=\"".urldecode(esc_url($wplc_acbc_data['wplc_chat_pic']))."\" width=\"40px\"/>";
2514
  $ret_msg .= "</div>";
2515
  $ret_msg .= "</div>";
2516
 
2684
 
2685
  if ($_POST['action'] == "wplc_typing") {
2686
  if (isset($_POST['cid']) && isset($_POST['user']) && isset($_POST['type'])) {
2687
+ echo wplc_typing_mrg(sanitize_text_field($_POST['user']), intval($_POST['cid']), sanitize_text_field($_POST['type']));
2688
  }
2689
  }
2690
 
2705
  }
2706
 
2707
  if (isset($_FILES['file']) && isset($_POST['timestamp'])) {
2708
+ $file_name = strtolower( sanitize_file_name($_FILES['file']['name']) );
2709
  $file_name = basename($file_name); //This prevents traversal
2710
 
2711
  if(!wplc_check_file_name_for_unsafe_extension($file_name)) {
2712
  if(wplc_check_file_name_for_safe_extension($file_name)) {
2713
+ if( file_exists( realpath($user_dirname . "/wp_live_chat/" . $cid . "/" . sanitize_file_name($_FILES['file']['name']) ) ) ) {
2714
  $file_name = rand(0, 10) . "-" . $file_name;
2715
  }
2716
 
2800
  if (isset($choose_array[$wplc_current_user_id]) && $choose_array[$wplc_current_user_id]) {
2801
  /* user is online */
2802
  wp_localize_script('wplc-choose-script', 'wplc_choose_accept_chats', '1');
2803
+ //wp_localize_script('wplc-choose-script', 'wplc_localized_offline_string', ' ');
2804
+ //wp_localize_script('wplc-choose-script', 'wplc_localized_quote_string', ' ');
2805
 
2806
  } else {
2807
  wp_localize_script('wplc-choose-script', 'wplc_choose_accept_chats', '0');
2849
  }
2850
 
2851
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2852
  /**
2853
  * Add to the tabs filter
2854
  * @return void
2856
  * @author Nick Duncan <nick@wp-livechat.com>
2857
  */
2858
 
2859
+ if (!function_exists("wplc_business_hours_filter_control_setting_tabs")) {
2860
+ add_filter("wplc_filter_setting_tabs","wplc_business_hours_filter_control_setting_tabs");
2861
+ function wplc_business_hours_filter_control_setting_tabs($tab_array) {
 
 
 
 
 
 
2862
  $tab_array['business-hours'] = array(
2863
  'href' => '#wplc-business-hours',
2864
  'icon' => 'fa fa-clock-o',
2870
  }
2871
 
2872
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2873
 
2874
  if (!function_exists("wplc_inex_filter_control_display_contents")) {
2875
  add_filter("wplc_filter_display_contents","wplc_inex_filter_control_display_contents",1);
3011
  if (!function_exists("wplc_ic_check_if_user_is_agent")) {
3012
  function wplc_ic_check_if_user_is_agent(){
3013
  $user_id = get_current_user_id();
3014
+ if (sanitize_text_field(get_the_author_meta('wplc_ma_agent', $user_id ) ) == "1"){
3015
  return $user_id;
3016
  } else {
3017
  return "not_user_agent";
3243
  if (!function_exists("wplc_maa_check_if_user_is_agent")) {
3244
  function wplc_maa_check_if_user_is_agent(){
3245
  $user_id = get_current_user_id();
3246
+ if (sanitize_text_field(get_the_author_meta('wplc_ma_agent', $user_id ) ) == "1"){
3247
  return $user_id;
3248
  } else {
3249
  return "not_user_agent";
3275
  global $wpdb;
3276
  global $wplc_tblname_chats;
3277
  $cid = intval($cid);
3278
+ $sql = "SELECT * FROM `$wplc_tblname_chats` WHERE `id` = '%d'";
3279
+ $sql = $wpdb->prepare($sql, $cid);
3280
  $result = $wpdb->get_row($sql);
3281
  if(intval($result->agent_id) == intval($aid)){
3282
  return false;
3353
  if ( current_user_can( 'manage_options' ) ) {
3354
 
3355
  if(isset($_POST['wplc_ma_agent'])){
3356
+ update_user_meta( $user_id, 'wplc_ma_agent', sanitize_text_field($_POST['wplc_ma_agent']));
3357
  } else {
3358
  delete_user_meta( $user_id, 'wplc_ma_agent');
3359
  }
3396
  </th>
3397
  <td>
3398
  <label for="wplc_ma_agent">
3399
+ <input name="wplc_ma_agent" type="checkbox" id="wplc_ma_agent" value="1" <?php if (sanitize_text_field( get_the_author_meta( 'wplc_ma_agent', $user->ID ) ) == "1") { echo "checked=\"checked\""; } ?>>
3400
  <?php _e("Make this user a chat agent","wplivechat"); ?></label>
3401
  </td>
3402
  </tr>
3412
  </th>
3413
  <td>
3414
  <label for="wplc_ma_agent">
3415
+ <input name="wplc_ma_agent" type="checkbox" id="wplc_ma_agent" value="1" <?php if (sanitize_text_field( get_the_author_meta( 'wplc_ma_agent', $user->ID ) ) == "1") { echo "checked=\"checked\""; } ?>>
3416
  <?php _e("Make this user a chat agent","wplivechat"); ?></label>
3417
  </td>
3418
  </tr>
3922
  function wplc_ma_hook_control_set_transient() {
3923
  $should_set_transient = apply_filters("wplc_filter_control_set_transient",true);
3924
  if ($should_set_transient) {
3925
+ if (isset($_POST['user_id'])) { $user_id = sanitize_text_field($_POST['user_id']); } else { $user_id = get_current_user_id(); }
3926
  wplc_maa_set_agents_online($user_id);
3927
  }
3928
  remove_action("wplc_hook_set_transient","wplc_hook_control_set_transient");
3934
  if (!function_exists("wplc_ma_hook_control_remove_transient")) {
3935
  add_action("wplc_hook_remove_transient","wplc_ma_hook_control_remove_transient",9);
3936
  function wplc_ma_hook_control_remove_transient() {
3937
+ wplc_maa_remove_agents_online(sanitize_text_field($_POST['user_id']));
3938
  remove_action("wplc_hook_remove_transient","wplc_hook_control_remove_transient");
3939
  }
3940
  }
3974
 
3975
  if ($_POST['action'] == "wplc_macro") {
3976
  if (isset($_POST['postid'])) {
3977
+ $post_id = sanitize_text_field($_POST['postid']);
3978
  } else {
3979
  return false;
3980
  }
4028
  if (!function_exists("wplc_maa_set_agents_online")) {
4029
  function wplc_maa_set_agents_online($user_id){
4030
 
4031
+ if (sanitize_text_field( get_the_author_meta( 'wplc_ma_agent', $user_id ) ) == "1"){
4032
 
4033
  update_user_meta($user_id, "wplc_chat_agent_online", time());
4034
  }
4138
  //Cleanup here
4139
  $cid = intval($cid);
4140
  $rating = intval($rating);
4141
+ $comment = sanitize_text_field($comment);
4142
 
4143
  if(nifty_chat_has_rating_mrg($cid)){ //Update
4144
  $sql = "UPDATE $wplc_tblname_chat_ratings SET `aid` = '%d', `rating` = '%d', `comment` = '%s', `timestamp` = '%s', `notified` = 0 WHERE `cid` = '%d' LIMIT 1";
4619
 
4620
  ?>
4621
  <script>
4622
+ var wplc_name_override = "<?php echo sanitize_text_field($tname); ?>";
4623
  </script>
4624
  <?php
4625
  } else if(isset($acbc_settings['wplc_chat_name'])){
4626
  ?>
4627
  <script>
4628
+ var wplc_name_override = "<?php echo sanitize_text_field(stripslashes($acbc_settings['wplc_chat_name'])) ?>";
4629
  </script>
4630
  <?php
4631
  }
4699
  /**
4700
  * Using contents of wplcmail function as we need additional functionality for this
4701
  */
4702
+ $headers[] = 'Content-type: text/html';
4703
+ $headers[] = 'Reply-To: '.$wplc_ar_from_name.'<'.$wplc_ar_from_email.'>';
4704
+ $overbody = apply_filters("wplc_filter_mail_body",$wplc_ar_subject, htmlspecialchars_decode(stripslashes( $wplc_ar_body ) ) );
4705
+ if (!wp_mail($wplc_user_email, $wplc_ar_subject, $overbody, $headers)) {
4706
+ $error = date("Y-m-d H:i:s") . " WP-Mail Failed to send \n";
4707
+ error_log($error);
4708
+ }
4709
+ return;
4710
+
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4711
  }
4712
 
4713
  }
4718
 
4719
  if (isset($_POST['wplc_save_settings'])) {
4720
  $wplc_data = array();
4721
+ if (isset($_POST['wplc_ar_enable'])) { $wplc_data['wplc_ar_enable'] = sanitize_text_field($_POST['wplc_ar_enable']); }
4722
+ if (isset($_POST['wplc_ar_from_name'])) { $wplc_data['wplc_ar_from_name'] = sanitize_text_field($_POST['wplc_ar_from_name']); }
4723
+ if (isset($_POST['wplc_ar_from_email'])) { $wplc_data['wplc_ar_from_email'] = sanitize_text_field($_POST['wplc_ar_from_email']); }
4724
+ if (isset($_POST['wplc_ar_subject'])) { $wplc_data['wplc_ar_subject'] = sanitize_text_field($_POST['wplc_ar_subject']); }
4725
+ if (isset($_POST['wplc_ar_body'])) { $wplc_data['wplc_ar_body'] = sanitize_text_field($_POST['wplc_ar_body']); }
4726
 
4727
  update_option( "WPLC_AUTO_RESPONDER_SETTINGS", $wplc_data );
4728
 
5131
  } else if(class_exists('finfo')){
5132
  $result = new finfo();
5133
  if (is_resource($result) === true) {
5134
+ $mime = $result->file(realpath($filepath), FILEINFO_MIME_TYPE);
5135
  }
5136
  }
5137
 
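--- a/includes/Mobile_Detect.php
+++ b/includes/Mobile_Detect.php
@@ -22,6 +22,9 @@
  *
  * @version 2.8.3
  */
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  class Mobile_Detect
  {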
includes/aes_fast.php DELETED
@@ -1,706 +0,0 @@
1
- <?php
2
-
3
- /*
4
- * aes.php: implements AES - Advanced Encryption Standard
5
- * from the SlowAES project, http://code.google.com/p/slowaes/
6
- *
7
- * Copyright (c) 2008 Josh Davis ( http://www.josh-davis.org ),
8
- * Mark Percival ( http://mpercival.com ),
9
- *
10
- * Ported from C code written by Laurent Haan ( http://www.progressive-coding.com )
11
- *
12
- * Ported from JavaScript to PHP by ALeX Kazik
13
- *
14
- * Licensed under the Apache License, Version 2.0
15
- * http://www.apache.org/licenses/
16
- */
17
-
18
- class AES {
19
- /*
20
- * START AES SECTION
21
- */
22
-
23
- const keySize_128 = 16;
24
- const keySize_192 = 24;
25
- const keySize_256 = 32;
26
-
27
- // Rijndael S-box
28
- private static $sbox = array(
29
- 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
30
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
31
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
32
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
33
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
34
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
35
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
36
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
37
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
38
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
39
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
40
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
41
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
42
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
43
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
44
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
45
- );
46
-
47
- // Rijndael Inverted S-box
48
- private static $rsbox = array(
49
- 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
50
- , 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
51
- , 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
52
- , 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
53
- , 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
54
- , 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
55
- , 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
56
- , 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
57
- , 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
58
- , 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
59
- , 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
60
- , 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
61
- , 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
62
- , 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
63
- , 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
64
- , 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
65
- );
66
-
67
- /* rotate the word eight bits to the left */
68
- private static function rotate($word){
69
- $c = $word[0];
70
- for ($i = 0; $i < 3; $i++)
71
- $word[$i] = $word[$i+1];
72
- $word[3] = $c;
73
-
74
- return $word;
75
- }
76
-
77
- // Rijndael Rcon
78
- private static $Rcon = array(
79
- 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
80
- 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
81
- 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
82
- 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d,
83
- 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab,
84
- 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d,
85
- 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25,
86
- 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01,
87
- 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d,
88
- 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa,
89
- 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a,
90
- 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02,
91
- 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
92
- 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
93
- 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
94
- 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
95
- 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
96
- 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5,
97
- 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33,
98
- 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb
99
- );
100
-
101
- private static $G2X = array(
102
- 0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16,
103
- 0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e,
104
- 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46,
105
- 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e,
106
- 0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76,
107
- 0x78, 0x7a, 0x7c, 0x7e, 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e,
108
- 0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, 0xa0, 0xa2, 0xa4, 0xa6,
109
- 0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe,
110
- 0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6,
111
- 0xd8, 0xda, 0xdc, 0xde, 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee,
112
- 0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, 0x1b, 0x19, 0x1f, 0x1d,
113
- 0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05,
114
- 0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d,
115
- 0x23, 0x21, 0x27, 0x25, 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55,
116
- 0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, 0x7b, 0x79, 0x7f, 0x7d,
117
- 0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65,
118
- 0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d,
119
- 0x83, 0x81, 0x87, 0x85, 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5,
120
- 0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, 0xdb, 0xd9, 0xdf, 0xdd,
121
- 0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5,
122
- 0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed,
123
- 0xe3, 0xe1, 0xe7, 0xe5
124
- );
125
-
126
- private static $G3X = array(
127
- 0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d,
128
- 0x14, 0x17, 0x12, 0x11, 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39,
129
- 0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, 0x60, 0x63, 0x66, 0x65,
130
- 0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71,
131
- 0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d,
132
- 0x44, 0x47, 0x42, 0x41, 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9,
133
- 0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, 0xf0, 0xf3, 0xf6, 0xf5,
134
- 0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1,
135
- 0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd,
136
- 0xb4, 0xb7, 0xb2, 0xb1, 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99,
137
- 0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, 0x9b, 0x98, 0x9d, 0x9e,
138
- 0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a,
139
- 0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6,
140
- 0xbf, 0xbc, 0xb9, 0xba, 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2,
141
- 0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, 0xcb, 0xc8, 0xcd, 0xce,
142
- 0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda,
143
- 0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46,
144
- 0x4f, 0x4c, 0x49, 0x4a, 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62,
145
- 0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, 0x3b, 0x38, 0x3d, 0x3e,
146
- 0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a,
147
- 0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16,
148
- 0x1f, 0x1c, 0x19, 0x1a
149
- );
150
-
151
- private static $G9X = array(
152
- 0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53,
153
- 0x6c, 0x65, 0x7e, 0x77, 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf,
154
- 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 0x3b, 0x32, 0x29, 0x20,
155
- 0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c,
156
- 0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8,
157
- 0xc7, 0xce, 0xd5, 0xdc, 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49,
158
- 0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, 0xe6, 0xef, 0xf4, 0xfd,
159
- 0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91,
160
- 0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e,
161
- 0x21, 0x28, 0x33, 0x3a, 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2,
162
- 0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, 0xec, 0xe5, 0xfe, 0xf7,
163
- 0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b,
164
- 0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f,
165
- 0x10, 0x19, 0x02, 0x0b, 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8,
166
- 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 0x47, 0x4e, 0x55, 0x5c,
167
- 0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30,
168
- 0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9,
169
- 0xf6, 0xff, 0xe4, 0xed, 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35,
170
- 0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, 0xa1, 0xa8, 0xb3, 0xba,
171
- 0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6,
172
- 0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62,
173
- 0x5d, 0x54, 0x4f, 0x46
174
- );
175
-
176
- private static $GBX = array(
177
- 0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45,
178
- 0x74, 0x7f, 0x62, 0x69, 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81,
179
- 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 0x7b, 0x70, 0x6d, 0x66,
180
- 0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12,
181
- 0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e,
182
- 0xbf, 0xb4, 0xa9, 0xa2, 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7,
183
- 0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, 0x46, 0x4d, 0x50, 0x5b,
184
- 0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f,
185
- 0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8,
186
- 0xf9, 0xf2, 0xef, 0xe4, 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c,
187
- 0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, 0xf7, 0xfc, 0xe1, 0xea,
188
- 0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e,
189
- 0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02,
190
- 0x33, 0x38, 0x25, 0x2e, 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd,
191
- 0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, 0x3c, 0x37, 0x2a, 0x21,
192
- 0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55,
193
- 0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44,
194
- 0x75, 0x7e, 0x63, 0x68, 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80,
195
- 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 0x7a, 0x71, 0x6c, 0x67,
196
- 0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13,
197
- 0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f,
198
- 0xbe, 0xb5, 0xa8, 0xa3
199
- );
200
-
201
- private static $GDX = array(
202
- 0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f,
203
- 0x5c, 0x51, 0x46, 0x4b, 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3,
204
- 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 0xbb, 0xb6, 0xa1, 0xac,
205
- 0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0,
206
- 0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14,
207
- 0x37, 0x3a, 0x2d, 0x20, 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e,
208
- 0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 0xbd, 0xb0, 0xa7, 0xaa,
209
- 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6,
210
- 0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9,
211
- 0x8a, 0x87, 0x90, 0x9d, 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25,
212
- 0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, 0xda, 0xd7, 0xc0, 0xcd,
213
- 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91,
214
- 0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75,
215
- 0x56, 0x5b, 0x4c, 0x41, 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42,
216
- 0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, 0xb1, 0xbc, 0xab, 0xa6,
217
- 0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa,
218
- 0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8,
219
- 0xeb, 0xe6, 0xf1, 0xfc, 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44,
220
- 0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 0x0c, 0x01, 0x16, 0x1b,
221
- 0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47,
222
- 0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3,
223
- 0x80, 0x8d, 0x9a, 0x97
224
- );
225
-
226
- private static $GEX = array(
227
- 0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62,
228
- 0x48, 0x46, 0x54, 0x5a, 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca,
229
- 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 0xdb, 0xd5, 0xc7, 0xc9,
230
- 0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81,
231
- 0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59,
232
- 0x73, 0x7d, 0x6f, 0x61, 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87,
233
- 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 0x4d, 0x43, 0x51, 0x5f,
234
- 0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17,
235
- 0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14,
236
- 0x3e, 0x30, 0x22, 0x2c, 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc,
237
- 0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, 0x41, 0x4f, 0x5d, 0x53,
238
- 0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b,
239
- 0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3,
240
- 0xe9, 0xe7, 0xf5, 0xfb, 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0,
241
- 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 0x7a, 0x74, 0x66, 0x68,
242
- 0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20,
243
- 0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e,
244
- 0xa4, 0xaa, 0xb8, 0xb6, 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26,
245
- 0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, 0x37, 0x39, 0x2b, 0x25,
246
- 0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d,
247
- 0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5,
248
- 0x9f, 0x91, 0x83, 0x8d
249
- );
250
-
251
- // Key Schedule Core
252
- private static function core($word,$iteration){
253
- /* rotate the 32-bit word 8 bits to the left */
254
- $word = self::rotate($word);
255
- /* apply S-Box substitution on all 4 parts of the 32-bit word */
256
- for ($i = 0; $i < 4; ++$i)
257
- $word[$i] = self::$sbox[$word[$i]];
258
- /* XOR the output of the rcon operation with i to the first part (leftmost) only */
259
- $word[0] = $word[0]^self::$Rcon[$iteration];
260
- return $word;
261
- }
262
-
263
- /* Rijndael's key expansion
264
- * expands an 128,192,256 key into an 176,208,240 bytes key
265
- *
266
- * expandedKey is a pointer to an char array of large enough size
267
- * key is a pointer to a non-expanded key
268
- */
269
- private static function expandKey($key,$size)
270
- {
271
- $expandedKeySize = (16*(self::numberOfRounds($size)+1));
272
-
273
- /* current expanded keySize, in bytes */
274
- $currentSize = 0;
275
- $rconIteration = 1;
276
- $t = array(); // temporary 4-byte variable
277
-
278
- $expandedKey = array();
279
- for($i = 0;$i < $expandedKeySize;$i++)
280
- $expandedKey[$i] = 0;
281
-
282
- /* set the 16,24,32 bytes of the expanded key to the input key */
283
- for ($j = 0; $j < $size; $j++)
284
- $expandedKey[$j] = $key[$j];
285
- $currentSize += $size;
286
-
287
- while ($currentSize < $expandedKeySize)
288
- {
289
- /* assign the previous 4 bytes to the temporary value t */
290
- for ($k = 0; $k < 4; $k++)
291
- $t[$k] = $expandedKey[($currentSize - 4) + $k];
292
-
293
- /* every 16,24,32 bytes we apply the core schedule to t
294
- * and increment rconIteration afterwards
295
- */
296
- if($currentSize % $size == 0)
297
- $t = self::core($t, $rconIteration++);
298
-
299
- /* For 256-bit keys, we add an extra sbox to the calculation */
300
- if($size == self::keySize_256 && (($currentSize % $size) == 16))
301
- for($l = 0; $l < 4; $l++)
302
- $t[$l] = self::$sbox[$t[$l]];
303
-
304
- /* We XOR t with the four-byte block 16,24,32 bytes before the new expanded key.
305
- * This becomes the next four bytes in the expanded key.
306
- */
307
- for($m = 0; $m < 4; $m++) {
308
- $expandedKey[$currentSize] = $expandedKey[$currentSize - $size] ^ $t[$m];
309
- $currentSize++;
310
- }
311
- }
312
- return $expandedKey;
313
- }
314
-
315
- // Adds (XORs) the round key to the state
316
- private static function addRoundKey($state,$roundKey){
317
- for ($i = 0; $i < 16; $i++)
318
- $state[$i] = $state[$i] ^ $roundKey[$i];
319
- return $state;
320
- }
321
-
322
- // Creates a round key from the given expanded key and the
323
- // position within the expanded key.
324
- private static function createRoundKey($expandedKey,$roundKeyPointer){
325
- $roundKey = array();
326
- for ($i = 0; $i < 4; $i++)
327
- for ($j = 0; $j < 4; $j++)
328
- $roundKey[$j*4+$i] = $expandedKey[$roundKeyPointer + $i*4 + $j];
329
- return $roundKey;
330
- }
331
-
332
- /* substitute all the values from the state with the value in the SBox
333
- * using the state value as index for the SBox
334
- */
335
- private static function subBytes($state,$isInv){
336
- for ($i = 0; $i < 16; $i++)
337
- $state[$i] = $isInv?self::$rsbox[$state[$i]]:self::$sbox[$state[$i]];
338
- return $state;
339
- }
340
-
341
- /* iterate over the 4 rows and call shiftRow() with that row */
342
- private static function shiftRows($state,$isInv){
343
- for ($i = 0; $i < 4; $i++)
344
- $state = self::shiftRow($state,$i*4, $i,$isInv);
345
- return $state;
346
- }
347
-
348
- /* each iteration shifts the row to the left by 1 */
349
- private static function shiftRow($state,$statePointer,$nbr,$isInv){
350
- for ($i = 0; $i < $nbr; $i++)
351
- {
352
- if($isInv)
353
- {
354
- $tmp = $state[$statePointer + 3];
355
- for ($j = 3; $j > 0; $j--)
356
- $state[$statePointer + $j] = $state[$statePointer + $j-1];
357
- $state[$statePointer] = $tmp;
358
- }
359
- else
360
- {
361
- $tmp = $state[$statePointer];
362
- for ($j = 0; $j < 3; $j++)
363
- $state[$statePointer + $j] = $state[$statePointer + $j+1];
364
- $state[$statePointer + 3] = $tmp;
365
- }
366
- }
367
- return $state;
368
- }
369
-
370
- // galois multipication of the 4x4 matrix
371
- private static function mixColumns($state,$isInv){
372
- $t = array();
373
-
374
- if (!$isInv) {
375
- for ($c = 0; $c < 4; $c++) {
376
- $t[ $c] = self::$G2X[$state[$c]] ^ self::$G3X[$state[4+$c]] ^ $state[8+$c] ^ $state[12+$c];
377
- $t[ 4+$c] = $state[$c] ^ self::$G2X[$state[4+$c]] ^ self::$G3X[$state[8+$c]] ^ $state[12+$c];
378
- $t[ 8+$c] = $state[$c] ^ $state[4+$c] ^ self::$G2X[$state[8+$c]] ^ self::$G3X[$state[12+$c]];
379
- $t[12+$c] = self::$G3X[$state[$c]] ^ $state[4+$c] ^ $state[8+$c] ^ self::$G2X[$state[12+$c]];
380
- }
381
- }else {
382
- for ($c = 0; $c < 16; $c+=4) {
383
- $t[ $c] = self::$GEX[$state[$c]] ^ self::$GBX[$state[4+$c]] ^ self::$GDX[$state[8+$c]] ^ self::$G9X[$state[12+$c]];
384
- $t[1+$c] = self::$G9X[$state[$c]] ^ self::$GEX[$state[4+$c]] ^ self::$GBX[$state[8+$c]] ^ self::$GDX[$state[12+$c]];
385
- $t[2+$c] = self::$GDX[$state[$c]] ^ self::$G9X[$state[4+$c]] ^ self::$GEX[$state[8+$c]] ^ self::$GBX[$state[12+$c]];
386
- $t[3+$c] = self::$GBX[$state[$c]] ^ self::$GDX[$state[4+$c]] ^ self::$G9X[$state[8+$c]] ^ self::$GEX[$state[12+$c]];
387
- }
388
- }
389
-
390
- return $t;
391
- }
392
-
393
- // applies the 4 operations of the forward round in sequence
394
- private static function round($state, $roundKey){
395
- $state = self::subBytes($state,false);
396
- $state = self::shiftRows($state,false);
397
- $state = self::mixColumns($state,false);
398
- $state = self::addRoundKey($state, $roundKey);
399
- return $state;
400
- }
401
-
402
- // applies the 4 operations of the inverse round in sequence
403
- private static function invRound($state,$roundKey){
404
- $state = self::shiftRows($state,true);
405
- $state = self::subBytes($state,true);
406
- $state = self::addRoundKey($state, $roundKey);
407
- $state = self::mixColumns($state,true);
408
- return $state;
409
- }
410
-
411
- /*
412
- * Perform the initial operations, the standard round, and the final operations
413
- * of the forward aes, creating a round key for each round
414
- */
415
- private static function main($state,$expandedKey,$nbrRounds){
416
- $state = self::addRoundKey($state, self::createRoundKey($expandedKey,0));
417
- for ($i = 1; $i < $nbrRounds; $i++)
418
- $state = self::round($state, self::createRoundKey($expandedKey,16*$i));
419
- $state = self::subBytes($state,false);
420
- $state = self::shiftRows($state,false);
421
- $state = self::addRoundKey($state, self::createRoundKey($expandedKey,16*$nbrRounds));
422
- return $state;
423
- }
424
-
425
- /*
426
- * Perform the initial operations, the standard round, and the final operations
427
- * of the inverse aes, creating a round key for each round
428
- */
429
- private static function invMain($state, $expandedKey, $nbrRounds){
430
- $state = self::addRoundKey($state, self::createRoundKey($expandedKey,16*$nbrRounds));
431
- for ($i = $nbrRounds-1; $i > 0; $i--)
432
- $state = self::invRound($state, self::createRoundKey($expandedKey,16*$i));
433
- $state = self::shiftRows($state,true);
434
- $state = self::subBytes($state,true);
435
- $state = self::addRoundKey($state, self::createRoundKey($expandedKey,0));
436
- return $state;
437
- }
438
-
439
- private static function numberOfRounds($size){
440
- $nbrRounds;
441
- switch ($size) /* set the number of rounds */
442
- {
443
- case self::keySize_128:
444
- $nbrRounds = 10;
445
- break;
446
- case self::keySize_192:
447
- $nbrRounds = 12;
448
- break;
449
- case self::keySize_256:
450
- $nbrRounds = 14;
451
- break;
452
- default:
453
- return null;
454
- break;
455
- }
456
- return $nbrRounds;
457
- }
458
-
459
- // encrypts a 128 bit input block against the given key of size specified
460
- private static function encryptBlock($input,$key,$size){
461
- $output = array();
462
- $block = array(); /* the 128 bit block to encode */
463
- $nbrRounds = self::numberOfRounds($size);
464
- /* Set the block values, for the block:
465
- * a0,0 a0,1 a0,2 a0,3
466
- * a1,0 a1,1 a1,2 a1,3
467
- * a2,0 a2,1 a2,2 a2,3
468
- * a3,0 a3,1 a3,2 a3,3
469
- * the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
470
- */
471
- for ($i = 0; $i < 4; $i++) /* iterate over the columns */
472
- for ($j = 0; $j < 4; $j++) /* iterate over the rows */
473
- $block[($i+($j*4))] = $input[($i*4)+$j];
474
-
475
- /* expand the key into an 176, 208, 240 bytes key */
476
- $expandedKey = self::expandKey($key, $size); /* the expanded key */
477
- /* encrypt the block using the expandedKey */
478
- $block = self::main($block, $expandedKey, $nbrRounds);
479
- for ($k = 0; $k < 4; $k++) /* unmap the block again into the output */
480
- for ($l = 0; $l < 4; $l++) /* iterate over the rows */
481
- $output[($k*4)+$l] = $block[($k+($l*4))];
482
- return $output;
483
- }
484
-
485
- // decrypts a 128 bit input block against the given key of size specified
486
- private static function decryptBlock($input, $key, $size){
487
- $output = array();
488
- $block = array(); /* the 128 bit block to decode */
489
- $nbrRounds = self::numberOfRounds($size);
490
- /* Set the block values, for the block:
491
- * a0,0 a0,1 a0,2 a0,3
492
- * a1,0 a1,1 a1,2 a1,3
493
- * a2,0 a2,1 a2,2 a2,3
494
- * a3,0 a3,1 a3,2 a3,3
495
- * the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
496
- */
497
- for ($i = 0; $i < 4; $i++) /* iterate over the columns */
498
- for ($j = 0; $j < 4; $j++) /* iterate over the rows */
499
- $block[($i+($j*4))] = $input[($i*4)+$j];
500
- /* expand the key into an 176, 208, 240 bytes key */
501
- $expandedKey = self::expandKey($key, $size);
502
- /* decrypt the block using the expandedKey */
503
- $block = self::invMain($block, $expandedKey, $nbrRounds);
504
- for ($k = 0; $k < 4; $k++)/* unmap the block again into the output */
505
- for ($l = 0; $l < 4; $l++)/* iterate over the rows */
506
- $output[($k*4)+$l] = $block[($k+($l*4))];
507
- return $output;
508
- }
509
- /*
510
- * END AES SECTION
511
- */
512
-
513
- /*
514
- * START MODE OF OPERATION SECTION
515
- */
516
- //structure of supported modes of operation
517
- const modeOfOperation_OFB = 0;
518
- const modeOfOperation_CFB = 1;
519
- const modeOfOperation_CBC = 2;
520
-
521
- // gets a properly padded block
522
- private static function getPaddedBlock($bytesIn,$start,$end,$mode){
523
- if($end - $start > 16)
524
- $end = $start + 16;
525
-
526
- $xarray = array_slice($bytesIn, $start, $end-$start);
527
-
528
- $cpad = 16 - count($xarray);
529
-
530
- while(count($xarray) < 16){
531
- array_push($xarray, $cpad);
532
- }
533
-
534
- return $xarray;
535
- }
536
-
537
- /*
538
- * Mode of Operation Encryption
539
- * bytesIn - Input String as array of bytes
540
- * mode - mode of type modeOfOperation
541
- * key - a number array of length 'size'
542
- * size - the bit length of the key
543
- * iv - the 128 bit number array Initialization Vector
544
- */
545
- public static function encrypt($bytesIn, $mode, $key, $size, $iv){
546
- if(count($key)%$size)
547
- {
548
- throw new Exception('Key length does not match specified size.');
549
- }
550
- if(count($iv)%16)
551
- {
552
- throw new Exception('iv length must be 128 bits.');
553
- }
554
- // the AES input/output
555
- $byteArray = array();
556
- $input = array();
557
- $output = array();
558
- $ciphertext = array();
559
- $cipherOut = array();
560
- // char firstRound
561
- $firstRound = true;
562
- if ($bytesIn !== null)
563
- {
564
- for ($j = 0;$j < ceil(count($bytesIn)/16); $j++)
565
- {
566
- $start = $j*16;
567
- $end = $j*16+16;
568
- if($j*16+16 > count($bytesIn))
569
- $end = count($bytesIn);
570
- $byteArray = self::getPaddedBlock($bytesIn,$start,$end,$mode);
571
- if ($mode == self::modeOfOperation_CFB)
572
- {
573
- if ($firstRound)
574
- {
575
- $output = self::encryptBlock($iv, $key, $size);
576
- $firstRound = false;
577
- }
578
- else
579
- $output = self::encryptBlock($input, $key, $size);
580
- for ($i = 0; $i < 16; $i++)
581
- $ciphertext[$i] = $byteArray[$i] ^ $output[$i];
582
- for($k = 0;$k < $end-$start;$k++)
583
- array_push($cipherOut, $ciphertext[$k]);
584
- $input = $ciphertext;
585
- }
586
- else if ($mode == self::modeOfOperation_OFB)
587
- {
588
- if ($firstRound)
589
- {
590
- $output = self::encryptBlock($iv, $key, $size);
591
- $firstRound = false;
592
- }
593
- else
594
- $output = self::encryptBlock($input, $key, $size);
595
- for ($i = 0; $i < 16; $i++)
596
- $ciphertext[$i] = $byteArray[$i] ^ $output[$i];
597
- for($k = 0;$k < $end-$start;$k++)
598
- array_push($cipherOut, $ciphertext[$k]);
599
- $input = $output;
600
- }
601
- else if ($mode == self::modeOfOperation_CBC)
602
- {
603
- for ($i = 0; $i < 16; $i++)
604
- $input[$i] = $byteArray[$i] ^ (($firstRound) ? $iv[$i] : $ciphertext[$i]);
605
- $firstRound = false;
606
- $ciphertext = self::encryptBlock($input, $key, $size);
607
- // always 16 bytes because of the padding for CBC
608
- for($k = 0;$k < 16;$k++)
609
- array_push($cipherOut, $ciphertext[$k]);
610
- }
611
- }
612
- }
613
- return array('mode' => $mode, 'originalsize' => count($bytesIn), 'cipher' => $cipherOut);
614
- }
615
-
616
- /*
617
- * Mode of Operation Decryption
618
- * cipherIn - Encrypted String as array of bytes
619
- * originalsize - The unencrypted string length - required for CBC
620
- * mode - mode of type modeOfOperation
621
- * key - a number array of length 'size'
622
- * size - the bit length of the key
623
- * iv - the 128 bit number array Initialization Vector
624
- */
625
- public static function decrypt($cipherIn,$originalsize,$mode,$key,$size,$iv)
626
- {
627
- if(count($key)%$size)
628
- {
629
- throw new Exception('Key length does not match specified size.');
630
- return null;
631
- }
632
- if(count($iv)%16)
633
- {
634
- throw new Exception('iv length must be 128 bits.');
635
- }
636
- // the AES input/output
637
- $ciphertext = array();
638
- $input = array();
639
- $output = array();
640
- $byteArray = array();
641
- $bytesOut = array();
642
- // char firstRound
643
- $firstRound = true;
644
- if ($cipherIn !== null)
645
- {
646
- for ($j = 0;$j < ceil(count($cipherIn)/16); $j++)
647
- {
648
- $start = $j*16;
649
- $end = $j*16+16;
650
- if($j*16+16 > count($cipherIn))
651
- $end = count($cipherIn);
652
- $ciphertext = self::getPaddedBlock($cipherIn,$start,$end,$mode);
653
- if ($mode == self::modeOfOperation_CFB)
654
- {
655
- if ($firstRound)
656
- {
657
- $output = self::encryptBlock($iv, $key, $size);
658
- $firstRound = false;
659
- }
660
- else
661
- $output = self::encryptBlock($input, $key, $size);
662
- for ($i = 0; $i < 16; $i++)
663
- $byteArray[$i] = $output[$i] ^ $ciphertext[$i];
664
- for($k = 0;$k < $end-$start;$k++)
665
- array_push($bytesOut, $byteArray[$k]);
666
- $input = $ciphertext;
667
- }
668
- else if ($mode == self::modeOfOperation_OFB)
669
- {
670
- if ($firstRound)
671
- {
672
- $output = self::encryptBlock($iv, $key, $size);
673
- $firstRound = false;
674
- }
675
- else
676
- $output = self::encryptBlock($input, $key, $size);
677
- for ($i = 0; $i < 16; $i++)
678
- $byteArray[$i] = $output[$i] ^ $ciphertext[$i];
679
- for($k = 0;$k < $end-$start;$k++)
680
- array_push($bytesOut, $byteArray[$k]);
681
- $input = $output;
682
- }
683
- else if($mode == self::modeOfOperation_CBC)
684
- {
685
- $output = self::decryptBlock($ciphertext, $key, $size);
686
- for ($i = 0; $i < 16; $i++)
687
- $byteArray[$i] = (($firstRound) ? $iv[$i] : $input[$i]) ^ $output[$i];
688
- $firstRound = false;
689
- if ($originalsize < $end)
690
- for($k = 0;$k < $originalsize-$start;$k++)
691
- array_push($bytesOut, $byteArray[$k]);
692
- else
693
- for($k = 0;$k < $end-$start;$k++)
694
- array_push($bytesOut, $byteArray[$k]);
695
- $input = $ciphertext;
696
- }
697
- }
698
- }
699
- return $bytesOut;
700
- }
701
- /*
702
- * END MODE OF OPERATION SECTION
703
- */
704
- }
705
-
706
- ?>
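--- a/includes/blocks/wplc-chat-box/index.php
+++ b/includes/blocks/wplc-chat-box/index.php
@@ -30,10 +30,10 @@ function wplc_gutenberg_settings_content() {
  $checked = ( @$gutenberg_enable == 1 ? 'checked' : '' );
  $gutenberg_size = ( $gutenberg_settings['wplc_gutenberg_size'] ) ? $gutenberg_settings['wplc_gutenberg_size'] : 2;
  $gutenberg_defail_logo = WPLC_PLUGIN_URL.'/images/wplc_loading.png';
- $gutenberg_logo = ( $gutenberg_settings['wplc_gutenberg_logo'] == '' ) ? $gutenberg_defail_logo : $gutenberg_settings['wplc_gutenberg_logo'];
- $gutenberg_text = ( $gutenberg_settings['wplc_gutenberg_text'] ) ? $gutenberg_settings['wplc_gutenberg_text'] : 'Live Chat';
- $gutenberg_icon = ( $gutenberg_settings['wplc_gutenberg_icon'] ) ? $gutenberg_settings['wplc_gutenberg_icon'] : 'fa-commenting-o';
- $gutenberg_enable_icon = ( $gutenberg_settings['wplc_gutenberg_enable_icon'] !== null ) ? $gutenberg_settings['wplc_gutenberg_enable_icon'] : 1;
+ $gutenberg_logo = ( $gutenberg_settings['wplc_gutenberg_logo'] == '' ) ? esc_url($gutenberg_defail_logo) : $gutenberg_settings['wplc_gutenberg_logo'];
+ $gutenberg_text = ( $gutenberg_settings['wplc_gutenberg_text'] ) ? sanitize_text_field($gutenberg_settings['wplc_gutenberg_text']) : 'Live Chat';
+ $gutenberg_icon = ( $gutenberg_settings['wplc_gutenberg_icon'] ) ? esc_url($gutenberg_settings['wplc_gutenberg_icon']) : 'fa-commenting-o';
+ $gutenberg_enable_icon = ( $gutenberg_settings['wplc_gutenberg_enable_icon'] !== null ) ? intval($gutenberg_settings['wplc_gutenberg_enable_icon']) : 1;
  $icon_checked = ( @$gutenberg_enable_icon == 1 ? 'checked' : '' );
  $gutenberg_custom_html = ( $gutenberg_settings['wplc_custom_html'] ) ? $gutenberg_settings['wplc_custom_html'] : '';
  ?>
@@ -113,7 +113,7 @@ function wplc_gutenberg_settings_content() {
  <td>
  <div id='wplc_custom_html_editor'></div>
  <textarea name='wplc_custom_html' id='wplc_custom_html' style='display: none;' data-editor='css' rows='12'>
- <?php echo strip_tags( stripslashes( trim($gutenberg_custom_html))); ?>
+ <?php echo wp_filter_post_kses( stripslashes( trim($gutenberg_custom_html))); ?>
  </textarea>
 
 
@@ -150,25 +150,25 @@ function wplc_gutenberg_save_settings() {
  }
 
  if (isset($_POST['wplc_gutenberg_logo']) && $_POST['wplc_gutenberg_logo'] !== '0') {
- $wplc_gutenberg_data['wplc_gutenberg_logo'] = esc_attr($_POST['wplc_gutenberg_logo']);
+ $wplc_gutenberg_data['wplc_gutenberg_logo'] = esc_url($_POST['wplc_gutenberg_logo']);
  } else {
  $wplc_gutenberg_data['wplc_gutenberg_logo'] = WPLC_PLUGIN_URL.'/images/wplc_loading.png';
  }
 
  if (isset($_POST['wplc_gutenberg_size']) && $_POST['wplc_gutenberg_size'] !== '0') {
- $wplc_gutenberg_data['wplc_gutenberg_size'] = esc_attr($_POST['wplc_gutenberg_size']);
+ $wplc_gutenberg_data['wplc_gutenberg_size'] = sanitize_text_field($_POST['wplc_gutenberg_size']);
  } else {
  $wplc_gutenberg_data['wplc_gutenberg_size'] = '2';
  }
 
  if (isset($_POST['wplc_gutenberg_text']) && $_POST['wplc_gutenberg_text'] !== '0') {
- $wplc_gutenberg_data['wplc_gutenberg_text'] = esc_attr($_POST['wplc_gutenberg_text']);
+ $wplc_gutenberg_data['wplc_gutenberg_text'] = sanitize_text_field($_POST['wplc_gutenberg_text']);
  } else {
  $wplc_gutenberg_data['wplc_gutenberg_text'] = 'Live Chat';
  }
 
  if (isset($_POST['wplc_gutenberg_icon']) && $_POST['wplc_gutenberg_icon'] !== '0') {
- $wplc_gutenberg_data['wplc_gutenberg_icon'] = esc_attr($_POST['wplc_gutenberg_icon']);
+ $wplc_gutenberg_data['wplc_gutenberg_icon'] = sanitize_text_field($_POST['wplc_gutenberg_icon']);
  } else {
  $wplc_gutenberg_data['wplc_gutenberg_icon'] = 'fa-commenting-o';
  }
@@ -180,7 +180,7 @@ function wplc_gutenberg_save_settings() {
  }
 
  if (isset($_POST['wplc_custom_html']) && $_POST['wplc_custom_html'] !== '0') {
- $wplc_gutenberg_data['wplc_custom_html'] = esc_attr($_POST['wplc_custom_html']);
+ $wplc_gutenberg_data['wplc_custom_html'] = wp_filter_post_kses($_POST['wplc_custom_html']);
  } else {
  $default_html = '\n<div class="wplc_block">\n\t<span class="wplc_block_logo">{wplc_logo}</span>\n\t<span class="wplc_block_text">{wplc_text}</span>\n\t<span class="wplc_block_icon">{wplc_icon}</span>\n</div>';
 
@@ -206,11 +206,11 @@ function wplc_chat_box_block_editor_assets() {
  $gutenberg_logo = $gutenberg_settings['wplc_gutenberg_logo'];
  $settings['wplc_typing'] = __("Type here","wplivechat");
  $settings['wplc_enabled'] = $gutenberg_settings['wplc_gutenberg_enable'];
- $settings['wplc_size'] = ( $gutenberg_settings['wplc_gutenberg_size'] ? esc_attr( $gutenberg_settings['wplc_gutenberg_size'] ) : 2 );
+ $settings['wplc_size'] = ( $gutenberg_settings['wplc_gutenberg_size'] ? sanitize_text_field( $gutenberg_settings['wplc_gutenberg_size'] ) : 2 );
  $settings['wplc_logo'] = $gutenberg_logo;
- $settings['wplc_text'] = ( $gutenberg_settings['wplc_gutenberg_text'] ? esc_attr( $gutenberg_settings['wplc_gutenberg_text'] ) : __( 'Live Chat', 'wplivechat' ) );
+ $settings['wplc_text'] = ( $gutenberg_settings['wplc_gutenberg_text'] ? sanitize_text_field( $gutenberg_settings['wplc_gutenberg_text'] ) : __( 'Live Chat', 'wplivechat' ) );
 
- $settings['wplc_icon'] = ( $gutenberg_settings['wplc_gutenberg_icon'] ? esc_attr( $gutenberg_settings['wplc_gutenberg_icon'] ) : 'fa-commenting-o' );
+ $settings['wplc_icon'] = ( $gutenberg_settings['wplc_gutenberg_icon'] ? sanitize_text_field( $gutenberg_settings['wplc_gutenberg_icon'] ) : 'fa-commenting-o' );
  $settings['wplc_icon_enabled'] = $gutenberg_settings['wplc_gutenberg_enable_icon'];
  $settings['wplc_custom_html'] = $gutenberg_settings['wplc_custom_html'];
 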
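Review bot: On new line 33 `esc_url()` wraps only the plugin's own default constant, so a logo value read from the stored settings still reaches `$gutenberg_logo` unescaped; wrapping the whole expression, `$gutenberg_logo = esc_url( ( $gutenberg_settings['wplc_gutenberg_logo'] == '' ) ? $gutenberg_defail_logo : $gutenberg_settings['wplc_gutenberg_logo'] );`, covers both branches. Line 35 applies `esc_url()` to the icon setting, which the default `'fa-commenting-o'` and lines 171 and 213 treat as a class name; `esc_url()` prepends `http://` to a value with no scheme, so `sanitize_text_field()` looks like the intended call there. On line 116 the value is printed inside a `<textarea>`, where `esc_textarea( stripslashes( trim( $gutenberg_custom_html ) ) )` is the matching output escape; `wp_filter_post_kses()` expects slashed input and returns slashed output, so it is a save-time filter rather than an output escape. The save path on lines 153–183 reads `$_POST` directly and no nonce or capability check is visible in these hunks, though `wplc_gutenberg_save_settings()` starts outside them and may perform one.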
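--- a/includes/cryptoHelpers.php
+++ b/includes/cryptoHelpers.php
@@ -1,100 +0,0 @@
- <?php
-
- /*
- * cryptoHelpers.php: implements AES - Advanced Encryption Standard
- * from the SlowAES project, http://code.google.com/p/slowaes/
- *
- * Copyright (c) 2008 Josh Davis ( http://www.josh-davis.org ),
- * Mark Percival ( http://mpercival.com ),
- * Johan Sundstrom ( http://ecmanaut.blogspot.com ),
- * John Resig ( http://ejohn.org )
- *
- * Ported from JavaScript to PHP by ALeX Kazik
- *
- * Licensed under the Apache License, Version 2.0
- * http://www.apache.org/licenses/
- */
-
- class cryptoHelpers {
- /*
- for utf8 en-/decoding see:
- http://www.php.net/manual/en/function.utf8-encode.php
- http://www.php.net/manual/en/function.iconv.php
- http://www.php.net/manual/en/function.mb-convert-encoding.php
- */
-
- //convert a number array to a hex string
- public static function toHex($args){
- if(func_num_args() != 1 || !is_array($args)){
- $args = func_get_args();
- }
- $ret = '';
- for($i = 0; $i < count($args) ;$i++)
- $ret .= sprintf('%02x', $args[$i]);
- return $ret;
- }
-
- //convert a hex string to a number array
- public static function toNumbers($s){
- $ret = array();
- for($i=0; $i<strlen($s); $i+=2){
- $ret[] = hexdec(substr($s, $i, 2));
- }
- return $ret;
- }
-
- // get a random number in the range [min,max]
- public static function getRandom($min,$max){
- if($min === null)
- $min = 0;
- if($max === null)
- $max = 1;
- return mt_rand($min, $max);
- }
-
- public static function generateSharedKey($len){
- if($len === null)
- $len = 16;
- $key = array();
- for($i = 0; $i < $len; $i++)
- $key[] = self::getRandom(0,255);
- return $key;
- }
-
- public static function generatePrivateKey($s,$size){
- if(function_exists('mhash') && defined('MHASH_SHA256')){
- return convertStringToByteArray(substr(mhash(MHASH_SHA256, $s), 0, $size));
- }else{
- throw new Exception('cryptoHelpers::generatePrivateKey currently requires mhash');
- }
- }
-
- public static function convertStringToByteArray($s){
- $byteArray = array();
- for($i = 0; $i < strlen($s); $i++){
- $byteArray[] = ord($s[$i]);
- }
- return $byteArray;
- }
-
- public static function convertByteArrayToString($byteArray){
- $s = '';
- for($i = 0; $i < count($byteArray); $i++){
- $s .= chr($byteArray[$i]);
- }
- return $s;
- }
-
- public static function base64_encode_line($b){
- return base64_encode(self::convertByteArrayToString($b));
- }
-
- public static function base64_encode($b){
- $b64 = self::base64_encode_line($b);
- return chunk_split($b, 64, "\n");
- }
-
- public static function base64_decode($b){
- return self::convertStringToByteArray(base64_decode($b));
- }
- };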
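--- a/includes/dashboard_page.php
+++ b/includes/dashboard_page.php
@@ -1,3 +1,9 @@
+ <?php
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+ ?>
+
  <script>
  var nifty_api_key = '<?php echo get_option("wplc_node_server_secret_token"); ?>';
  </script>
@@ -10,7 +16,7 @@
  $sql = "SELECT COUNT(id) as total_chats FROM `$wplc_tblname_chats` WHERE `agent_id` <> 0";
  $results = $wpdb->get_row( $sql );
  if ($results) {
- $total_count = $results->total_chats;
+ $total_count = intval($results->total_chats);
  } else {
  $total_count = 0;
  }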
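Review bot: The `var nifty_api_key = '…'` line still echoes the option value into a single-quoted JavaScript string without escaping, so a quote or a closing script tag stored in `wplc_node_server_secret_token` would break out of the literal. This commit adds the ABSPATH guard and `intval()` but leaves that line unchanged. Encode the value for the script context instead, e.g. `var nifty_api_key = <?php echo wp_json_encode( get_option( 'wplc_node_server_secret_token' ) ); ?>;`. The line also places the node server secret token in the page source for anyone who can load this dashboard; it is worth confirming that exposure is intended.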
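--- a/includes/documentation_suggestions.php
+++ b/includes/documentation_suggestions.php
@@ -1,4 +1,8 @@
  <?php
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  add_action("wplc_hook_message_sent","wplc_mrg_filter_control_message_control",10,1);
  function wplc_mrg_filter_control_message_control($data) {
 
@@ -84,7 +88,7 @@ function wplc_remove_stop_words_mrg($string) {
 
  function wplc_tokenise_mrg($string,$method = 'array') {
  $text = strtolower($string);
- $matches = strip_tags(html_entity_decode($text)); // strip the rest of the HTML code
+ $matches = wp_filter_post_kses(html_entity_decode($text)); // strip the rest of the HTML code
  $matches = str_replace(" "," ",$matches);
  $matches = preg_replace("/http(s)*:\/\/.+/i"," ",$matches);
  $matches = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $matches); // remove all non-utf8 characters
@@ -92,7 +96,7 @@ function wplc_tokenise_mrg($string,$method = 'array') {
  $matches = preg_replace('/\<script.*?\<\/script\>/ism', '', $matches); //remove script tags
  $matches = preg_replace('/\<style.*?\<\/style\>/ism', '', $matches); // remove style tags
  $matches = preg_replace( '|\[(.+?)\](.+?\[/\\1\])?|s', '', $matches); // remove square bracket tags
- $matches = strip_tags(html_entity_decode($matches)); // strip the rest of the HTML code
+ $matches = wp_filter_post_kses(html_entity_decode($matches)); // strip the rest of the HTML code
  $matches = preg_replace('/\s+/', ' ',$matches);
  $matches = str_replace("?","",$matches);
  $matches = str_replace("!","",$matches);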
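Review bot: `wp_filter_post_kses()` is not a drop-in replacement for `strip_tags()` in `wplc_tokenise_mrg()`: it keeps every tag that is allowed in post content and returns slash-escaped output. Both changed lines therefore no longer do what their `// strip the rest of the HTML code` comment says, and the tokens can now carry markup and added backslashes. For a tokenizer that wants plain text, `$matches = wp_strip_all_tags( html_entity_decode( $text ) );` (and likewise for `$matches` in the second hunk) keeps the previous behaviour and also drops script and style contents. The function body continues outside both hunks.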
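--- a/includes/modal_control.php
+++ b/includes/modal_control.php
@@ -2,6 +2,9 @@
  /*
  * Handles Modal Content Creation
  */
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  /**
  * Return the HTML for a modal window button, which will open the respective modal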
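--- a/includes/notification_control.php
+++ b/includes/notification_control.php
@@ -1,6 +1,7 @@
  <?php
-
-
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  function wplc_record_chat_notification($type,$cid,$data) {
  if ($cid) {
@@ -23,7 +24,7 @@ function wplc_filter_control_chat_notification_user_loaded($type,$cid,$data) {
  global $wplc_tblname_msgs;
 
 
- $msg = sprintf(__("User is browsing <small><a href='%s' target='_BLANK'>%s</a></small>","wplivechat"),strip_tags($data['uri']),strip_tags(wplc_shortenurl($data['uri'])));
+ $msg = sprintf(__("User is browsing <small><a href='%s' target='_BLANK'>%s</a></small>","wplivechat"),wp_filter_post_kses($data['uri']),wp_filter_post_kses(wplc_shortenurl($data['uri'])));
 
  $wpdb->insert(
  $wplc_tblname_msgs,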
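Review bot: In `wplc_filter_control_chat_notification_user_loaded()` the new `wp_filter_post_kses()` calls treat `$data['uri']` as post HTML, which is the wrong context for a value placed inside `href='%s'`. That filter neither encodes quotes nor validates the scheme of a bare string, and it returns slash-escaped data, so if `$msg` is what the following `$wpdb->insert()` stores, the backslashes are stored with it. Escape per context instead: `esc_url( $data['uri'] )` for the attribute and `esc_html( wplc_shortenurl( $data['uri'] ) )` for the link text. `$data['uri']` presumably originates from the visitor's browser and should be handled as untrusted; the function body continues outside the hunk.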
includes/settings_page.php CHANGED
@@ -1,3 +1,10 @@
 
 
 
 
 
 
 
1
  <style>
2
  .ui-tabs-vertical { }
3
  .ui-tabs-vertical .ui-tabs-nav {
@@ -63,9 +70,6 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
63
  </div>
64
  <h2><?php _e("WP Live Chat Support Settings","wplivechat")?></h2>
65
  <?php
66
-
67
- $wplc_mail_type = get_option("wplc_mail_type");
68
- if (!isset($wplc_mail_type) || $wplc_mail_type == "" || !$wplc_mail_type) { $wplc_mail_type = "wp_mail"; }
69
  if (isset($wplc_settings["wplc_settings_align"])) { $wplc_settings_align[intval($wplc_settings["wplc_settings_align"])] = "SELECTED"; }
70
  if (isset($wplc_settings["wplc_settings_enabled"])) { $wplc_settings_enabled[intval($wplc_settings["wplc_settings_enabled"])] = "SELECTED"; }
71
  if (isset($wplc_settings["wplc_settings_fill"])) { $wplc_settings_fill = $wplc_settings["wplc_settings_fill"]; } else { $wplc_settings_fill = "ed832f"; }
@@ -82,10 +86,9 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
82
  $wplc_auto_responder_settings = get_option( "WPLC_AUTO_RESPONDER_SETTINGS" );
83
  $wplc_acbc_data = get_option("WPLC_ACBC_SETTINGS");
84
  $wplc_bh_settings = get_option( "wplc_bh_settings" );
85
- $wplc_encrypt_data = get_option("WPLC_ENCRYPT_SETTINGS");
86
 
87
- $wplc_quick_response_order_by = isset( $wplc_settings['wplc_quick_response_orderby'] ) ? esc_attr( $wplc_settings['wplc_quick_response_orderby'] ) : 'title';
88
- $wplc_quick_response_order = isset( $wplc_settings['wplc_quick_response_order'] ) ? esc_attr( $wplc_settings['wplc_quick_response_order'] ) : 'DESC';
89
 
90
  $wplc_pro_auto_first_response_chat_msg = isset($wplc_settings['wplc_pro_auto_first_response_chat_msg']) ? $wplc_settings['wplc_pro_auto_first_response_chat_msg'] : '';
91
  ?>
@@ -193,7 +196,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
193
  <?php _e("Use Logged In User Details","wplivechat")?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("A user's Name and Email Address will be used by default if they are logged in.", "wplivechat") ?>"></i>
194
  </td>
195
  <td valign='top'>
196
- <input type="checkbox" value="1" name="wplc_loggedin_user_info" <?php if(isset($wplc_settings['wplc_loggedin_user_info']) && $wplc_settings['wplc_loggedin_user_info'] == 1 ) { echo "checked"; } ?> />
197
  </td>
198
  </tr>
199
  <tr>
@@ -201,7 +204,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
201
  <?php _e("Enable On Mobile Devices","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Disabling this will mean that the Chat Box will not be displayed on mobile devices. (Smartphones and Tablets)", "wplivechat") ?>"></i>
202
  </td>
203
  <td valign='top'>
204
- <input type="checkbox" value="1" name="wplc_enabled_on_mobile" <?php if(isset($wplc_settings['wplc_enabled_on_mobile']) && $wplc_settings['wplc_enabled_on_mobile'] == 1 ) { echo "checked"; } ?> />
205
  </td>
206
  </tr>
207
 
@@ -211,7 +214,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
211
  <?php _e("Play a sound when there is a new visitor","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Disable this to mute the sound that is played when a new visitor arrives", "wplivechat") ?>"></i>
212
  </td>
213
  <td valign='top'>
214
- <input type="checkbox" value="1" name="wplc_enable_visitor_sound" <?php if(isset($wplc_settings['wplc_enable_visitor_sound']) && $wplc_settings['wplc_enable_visitor_sound'] == 1 ) { echo "checked"; } ?> />
215
  </td>
216
  </tr>
217
  <?php } ?>
@@ -220,7 +223,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
220
  <?php _e("Play a sound when a new message is received","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Disable this to mute the sound that is played when a new chat message is received", "wplivechat") ?>"></i>
221
  </td>
222
  <td valign='top'>
223
- <input type="checkbox" value="1" name="wplc_enable_msg_sound" <?php if(isset($wplc_settings['wplc_enable_msg_sound']) && $wplc_settings['wplc_enable_msg_sound'] == 1 ) { echo "checked"; } ?> />
224
  </td>
225
  </tr>
226
 
@@ -229,7 +232,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
229
  <?php _e("Enable Font Awesome set","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Disable this if you have Font Awesome set included with your theme", "wplivechat") ?>"></i>
230
  </td>
231
  <td valign='top'>
232
- <input type="checkbox" value="1" name="wplc_enable_font_awesome" <?php if(isset($wplc_settings['wplc_enable_font_awesome']) && $wplc_settings['wplc_enable_font_awesome'] == 1 ) { echo "checked"; } ?> />
233
  </td>
234
  </tr>
235
  <tr>
@@ -237,7 +240,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
237
  <?php _e("Enable chat dashboard and notifications on all admin pages","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("This will load the chat dashboard on every admin page.", "wplivechat") ?>"></i>
238
  </td>
239
  <td valign='top'>
240
- <input type="checkbox" value="1" name="wplc_enable_all_admin_pages" <?php if(isset($wplc_settings['wplc_enable_all_admin_pages']) && $wplc_settings['wplc_enable_all_admin_pages'] == 1 ) { echo "checked"; } ?> />
241
  </td>
242
  </tr>
243
  </table>
@@ -248,7 +251,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
248
  <?php _e("Choose when I want to be online", "wplivechat") ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e('Checking this will allow you to change your status to Online or Offline on the Live Chat page.', 'wplivechat'); ?>"></i>
249
  </td>
250
  <td>
251
- <input type="checkbox" value="1" name="wplc_auto_online" <?php if (isset($wplc_choose_data['wplc_auto_online']) && $wplc_choose_data['wplc_auto_online'] == 1) { echo "checked"; } ?> />
252
  </td>
253
  </tr>
254
  </table>
@@ -318,7 +321,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
318
  <?php _e("Allow any user to make themselves a chat agent", "wplivechat") ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e('Checking this will allow any of your users to make themselves a chat agent when editing their profile.', 'wplivechat'); ?>"></i>
319
  </td>
320
  <td>
321
- <input type="checkbox" value="1" name="wplc_make_agent" <?php if (isset($wplc_inex_data['wplc_make_agent']) && $wplc_inex_data['wplc_make_agent'] == 1) { echo "checked"; } ?> />
322
  </td>
323
  </tr>
324
 
@@ -364,7 +367,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
364
  </td>
365
  <td valign='top'>
366
  <input type="checkbox" value="1"
367
- name="wplc_enable_voice_notes_on_admin" <?php if ( isset( $wplc_settings['wplc_enable_voice_notes_on_admin'] ) && $wplc_settings['wplc_enable_voice_notes_on_admin'] == 1 ) {
368
  echo "checked";
369
  } ?> />
370
  </td>
@@ -377,7 +380,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
377
  </td>
378
  <td valign='top'>
379
  <input type="checkbox" value="1"
380
- name="wplc_enable_voice_notes_on_visitor" <?php if ( isset( $wplc_settings['wplc_enable_voice_notes_on_visitor'] ) && $wplc_settings['wplc_enable_voice_notes_on_visitor'] == 1 ) {
381
  echo "checked";
382
  } ?> />
383
  </td>
@@ -407,7 +410,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
407
  <?php _e("Auto Pop-up","wplivechat") ?> <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Expand the chat box automatically (prompts the user to enter their name and email address).","wplivechat") ?>"></i>
408
  </td>
409
  <td>
410
- <input type="checkbox" name="wplc_auto_pop_up" value="1" <?php if(isset($wplc_settings['wplc_auto_pop_up']) && $wplc_settings['wplc_auto_pop_up'] == 1 ) { echo "checked"; } ?>/>
411
  </td>
412
  </tr>
413
 
@@ -416,9 +419,9 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
416
  <?php _e("Display details in chat message", "wplivechat") ?>
417
  </td>
418
  <td>
419
- <?php if (isset($wplc_settings['wplc_show_name']) && $wplc_settings['wplc_show_name'] == 1) { $checked = "checked"; } else { $checked = ''; } ?>
420
  <input type="checkbox" name="wplc_show_name" value="1" <?php echo $checked; ?>/> <label><?php _e("Show Name", "wplivechat"); ?></label><br/>
421
- <?php if (isset($wplc_settings['wplc_show_avatar']) && $wplc_settings['wplc_show_avatar'] == 1) { $checked = "checked"; } else { $checked = ''; } ?>
422
  <input type="checkbox" name="wplc_show_avatar" value="1" <?php echo $checked; ?>/> <label><?php _e("Show Avatar", "wplivechat"); ?></label>
423
  </td>
424
  </tr>
@@ -439,9 +442,9 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
439
  <?php _e("Display a timestamp in the chat window", "wplivechat") ?>
440
  </td>
441
  <td>
442
- <?php if (isset($wplc_settings['wplc_show_date']) && $wplc_settings['wplc_show_date'] == 1) { $checked = "checked"; } else { $checked = ''; } ?>
443
  <input type="checkbox" name="wplc_show_date" value="1" <?php echo $checked; ?>/> <label><?php _e("Show Date", "wplivechat"); ?></label><br/>
444
- <?php if (isset($wplc_settings['wplc_show_time']) && $wplc_settings['wplc_show_time'] == 1) { $checked = "checked"; } else { $checked = ''; } ?>
445
  <input type="checkbox" name="wplc_show_time" value="1" <?php echo $checked; ?>/> <label><?php _e("Show Time", "wplivechat"); ?></label>
446
  </td>
447
  </tr>
@@ -450,7 +453,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
450
  <?php _e("Redirect user to thank you page when chat is ended", "wplivechat") ?> <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("By checking this, users will be redirected to your thank you page when a chat is completed.", "wplivechat") ?>"></i>
451
  </td>
452
  <td>
453
- <input type="checkbox" name="wplc_redirect_to_thank_you_page" value="1" <?php echo (isset($wplc_settings['wplc_redirect_to_thank_you_page']) && $wplc_settings['wplc_redirect_to_thank_you_page'] == 1 ? "checked" : "" ); ?> />
454
  <input type="text" name="wplc_redirect_thank_you_url" value="<?php echo (isset($wplc_settings['wplc_redirect_thank_you_url']) ? urldecode($wplc_settings['wplc_redirect_thank_you_url']) : '' ); ?>" placeholder="<?php _e('Thank You Page URL', 'wplivechat'); ?>" />
455
  </td>
456
  </tr>
@@ -487,7 +490,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
487
  echo " </td>";
488
  echo " <td>";
489
  echo " <input type=\"checkbox\" name=\"wplc_typing_enabled\" value=\"1\"";
490
- if (isset($wplc_settings['wplc_typing_enabled']) && $wplc_settings['wplc_typing_enabled'] == 1) { echo "checked"; }
491
  echo "/>";
492
  echo " <small><em>".__("For non-cloud server users, please note that this will increase the amount of server resources required.", "wplivechat")." </em></small>";
493
  echo " </td>";
@@ -592,7 +595,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
592
  </td>
593
  <td>
594
  <select name='wplc_messagetone' id='wplc_messagetone'>
595
- <?php $wplc_messagetone = str_replace("http:", "", WPLC_PLUGIN_URL.'includes/sounds/general/ding.mp3' ); ?>
596
  <option <?php if ($wplc_messagetone_selected == WPLC_PLUGIN_URL.'includes/sounds/general/ding.mp3') { echo "selected"; } ?> value='<?php echo $wplc_messagetone; ?>'><?php _e("Default","wplivechat"); ?></option>
597
  <?php
598
  $path = WPLC_PLUGIN_DIR."/includes/sounds/message/";
@@ -786,7 +789,7 @@ if (get_option("WPLC_HIDE_CHAT") == true) {
786
  </td>
787
  <td>
788
  <input type="checkbox" name="wplc_hide_when_offline" value="1" <?php
789
- if (isset($wplc_settings['wplc_hide_when_offline']) && $wplc_settings['wplc_hide_when_offline'] == 1) {
790
  echo "checked";
791
  }
792
  ?>/>
@@ -856,57 +859,7 @@ if (isset($wplc_settings['wplc_hide_when_offline']) && $wplc_settings['wplc_hide
856
 
857
  </table>
858
 
859
- <table class='form-table wp-list-table wplc_list_table widefat fixed striped pages'>
860
- <tr>
861
- <td width="33%"><?php _e("Sending Method", "wplivechat") ?></td>
862
- <td width="33%" style="text-align: center;"><?php _e("WP Mail", "wplivechat") ?></td>
863
- <td width="33%" style="text-align: center;"><?php _e("PHP Mailer", "wplivechat") ?></td>
864
- </tr>
865
- <tr>
866
- <td></td>
867
- <td style="text-align: center;"><input class="wplc_mail_type_radio" type="radio" value="wp_mail" name="wplc_mail_type" <?php if ($wplc_mail_type == "wp_mail") {
868
- echo "checked";
869
- } ?>></td>
870
- <td style="text-align: center;"><input id="wpcl_mail_type_php" class="wplc_mail_type_radio" type="radio" value="php_mailer" name="wplc_mail_type" <?php if ($wplc_mail_type == "php_mailer") {
871
- echo "checked";
872
- } ?>></td>
873
- </tr>
874
- </table>
875
- <hr/>
876
- <table id="wplc_smtp_details" class='form-table wp-list-table wplc_list_table widefat fixed striped pages' width='100%'>
877
- <tr>
878
- <td width="300" valign="top">
879
- <?php _e("Host", "wplivechat") ?>:
880
- </td>
881
- <td>
882
- <input id="wplc_mail_host" name="wplc_mail_host" type="text" class="regular-text" value="<?php echo get_option("wplc_mail_host") ?>" placeholder="smtp.example.com" />
883
- </td>
884
- </tr>
885
- <tr>
886
- <td>
887
- <?php _e("Port", "wplivechat") ?>:
888
- </td>
889
- <td>
890
- <input id="wplc_mail_port" name="wplc_mail_port" type="text" class="regular-text" value="<?php echo get_option("wplc_mail_port") ?>" placeholder="25" />
891
- </td>
892
- </tr>
893
- <tr>
894
- <td>
895
- <?php _e("Username", "wplivechat") ?>:
896
- </td>
897
- <td>
898
- <input id="wplc_mail_username" name="wplc_mail_username" type="text" class="regular-text" value="<?php echo get_option("wplc_mail_username") ?>" placeholder="me@example.com" />
899
- </td>
900
- </tr>
901
- <tr>
902
- <td>
903
- <?php _e("Password", "wplivechat") ?>:
904
- </td>
905
- <td>
906
- <input id="wplc_mail_password" name="wplc_mail_password" type="password" class="regular-text" value="<?php echo get_option("wplc_mail_password") ?>" placeholder="Password" />
907
- </td>
908
- </tr>
909
- </table>
910
 
911
  <table class='form-table wp-list-table wplc_list_table widefat fixed striped pages'>
912
  <tr>
@@ -1311,20 +1264,20 @@ if (isset($wplc_settings['wplc_hide_when_offline']) && $wplc_settings['wplc_hide
1311
  $blogusers = get_users( array( 'role' => 'administrator', 'fields' => array( 'display_name','ID','user_email' ) ) );
1312
  // Array of stdClass objects.
1313
  foreach ( $blogusers as $user ) {
1314
- $is_agent = get_user_meta(esc_html( $user->ID ), 'wplc_ma_agent', true);
1315
- if(!$is_agent){ echo '<option id="wplc_selected_agent_'. esc_html( $user->ID ) .'" em="' . md5(esc_html( $user->user_email )) . '" uid="' . esc_html( $user->ID ) . '" em2="' . esc_html( $user->user_email ) . '" name="' . esc_html( $user->display_name ) . '" value="' . esc_html( $user->ID ) . '">' . esc_html( $user->display_name ) . ' ('.__('Administrator','wplivechat').')</option>'; }
1316
  }
1317
  $blogusers = get_users( array( 'role' => 'editor', 'fields' => array( 'display_name','ID','user_email' ) ) );
1318
  // Array of stdClass objects.
1319
  foreach ( $blogusers as $user ) {
1320
- $is_agent = get_user_meta(esc_html( $user->ID ), 'wplc_ma_agent', true);
1321
- if(!$is_agent){ echo '<option id="wplc_selected_agent_'. esc_html( $user->ID ) .'" em="' . md5(esc_html( $user->user_email )) . '" uid="' . esc_html( $user->ID ) . '" em2="' . esc_html( $user->user_email ) . '" name="' . esc_html( $user->display_name ) . '" value="' . esc_html( $user->ID ) . '">' . esc_html( $user->display_name ) . ' ('.__('Editor','wplivechat').')</option>'; }
1322
  }
1323
  $blogusers = get_users( array( 'role' => 'author', 'fields' => array( 'display_name','ID','user_email' ) ) );
1324
  // Array of stdClass objects.
1325
  foreach ( $blogusers as $user ) {
1326
- $is_agent = get_user_meta(esc_html( $user->ID ), 'wplc_ma_agent', true);
1327
- if(!$is_agent){ echo '<option id="wplc_selected_agent_'. esc_html( $user->ID ) .'" em="' . md5(esc_html( $user->user_email )) . '" uid="' . esc_html( $user->ID ) . '" em2="' . esc_html( $user->user_email ) . '" name="' . esc_html( $user->display_name ) . '" value="' . esc_html( $user->ID ) . '">' . esc_html( $user->display_name ) . ' ('.__('Author','wplivechat').')</option>'; }
1328
  }
1329
  ?>
1330
  </select>
@@ -1450,27 +1403,6 @@ if (isset($wplc_settings['wplc_hide_when_offline']) && $wplc_settings['wplc_hide
1450
  echo $content;
1451
  ?>
1452
 
1453
- <div id="tabs-9">
1454
- <h3><?php _e("Chat Encryption", "wplivechat") ?></h3>
1455
- <table class='form-table wp-list-table wplc_list_table widefat fixed striped pages' width='700'>
1456
- <tr>
1457
- <td width='300' valign='top'><?php _e("Enable Encryption", "wplivechat") ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e('All messages will be encrypted when being sent to and from the user and agent.', 'wplivechat'); ?>"></i></td>
1458
- <td>
1459
- <input type="checkbox" name="wplc_enable_encryption" id="wplc_enable_encryption" value="1" <?php if(isset($wplc_encrypt_data['wplc_enable_encryption']) && $wplc_encrypt_data['wplc_enable_encryption'] == 1){ echo 'checked'; } ?>/>
1460
- </td>
1461
- </tr>
1462
- <tr>
1463
- <td width='300'></td>
1464
- <td>
1465
- <p class='notice notice-error'>
1466
- <?php _e('Please note: Chat messages will only be encrypted and decrypted if you have inserted your WP Live Chat Support API Key on the <a href="admin.php?page=wplivechat-menu-api-keys-page">API Keys page</a>.', 'wplivechat'); ?>
1467
- <?php _e('Once enabled, all messages sent will be encrypted. This cannot be undone.', 'wplivechat'); ?>
1468
- </p>
1469
- </td>
1470
- </tr>
1471
- </table>
1472
- </div>
1473
-
1474
  <?php do_action("wplc_hook_settings_page_more_tabs"); ?>
1475
 
1476
  </div>
1
+ <?php
2
+ /** Settings page */
3
+ if ( ! defined( 'ABSPATH' ) ) {
4
+ exit;
5
+ }
6
+
7
+ ?>
8
  <style>
9
  .ui-tabs-vertical { }
10
  .ui-tabs-vertical .ui-tabs-nav {
70
  </div>
71
  <h2><?php _e("WP Live Chat Support Settings","wplivechat")?></h2>
72
  <?php
 
 
 
73
  if (isset($wplc_settings["wplc_settings_align"])) { $wplc_settings_align[intval($wplc_settings["wplc_settings_align"])] = "SELECTED"; }
74
  if (isset($wplc_settings["wplc_settings_enabled"])) { $wplc_settings_enabled[intval($wplc_settings["wplc_settings_enabled"])] = "SELECTED"; }
75
  if (isset($wplc_settings["wplc_settings_fill"])) { $wplc_settings_fill = $wplc_settings["wplc_settings_fill"]; } else { $wplc_settings_fill = "ed832f"; }
86
  $wplc_auto_responder_settings = get_option( "WPLC_AUTO_RESPONDER_SETTINGS" );
87
  $wplc_acbc_data = get_option("WPLC_ACBC_SETTINGS");
88
  $wplc_bh_settings = get_option( "wplc_bh_settings" );
 
89
 
90
+ $wplc_quick_response_order_by = isset( $wplc_settings['wplc_quick_response_orderby'] ) ? sanitize_text_field( $wplc_settings['wplc_quick_response_orderby'] ) : 'title';
91
+ $wplc_quick_response_order = isset( $wplc_settings['wplc_quick_response_order'] ) ? sanitize_text_field( $wplc_settings['wplc_quick_response_order'] ) : 'DESC';
92
 
93
  $wplc_pro_auto_first_response_chat_msg = isset($wplc_settings['wplc_pro_auto_first_response_chat_msg']) ? $wplc_settings['wplc_pro_auto_first_response_chat_msg'] : '';
94
  ?>
196
  <?php _e("Use Logged In User Details","wplivechat")?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("A user's Name and Email Address will be used by default if they are logged in.", "wplivechat") ?>"></i>
197
  </td>
198
  <td valign='top'>
199
+ <input type="checkbox" value="1" name="wplc_loggedin_user_info" <?php if(isset($wplc_settings['wplc_loggedin_user_info']) && intval($wplc_settings['wplc_loggedin_user_info']) == 1 ) { echo "checked"; } ?> />
200
  </td>
201
  </tr>
202
  <tr>
204
  <?php _e("Enable On Mobile Devices","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Disabling this will mean that the Chat Box will not be displayed on mobile devices. (Smartphones and Tablets)", "wplivechat") ?>"></i>
205
  </td>
206
  <td valign='top'>
207
+ <input type="checkbox" value="1" name="wplc_enabled_on_mobile" <?php if(isset($wplc_settings['wplc_enabled_on_mobile']) && intval($wplc_settings['wplc_enabled_on_mobile']) == 1 ) { echo "checked"; } ?> />
208
  </td>
209
  </tr>
210
 
214
  <?php _e("Play a sound when there is a new visitor","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Disable this to mute the sound that is played when a new visitor arrives", "wplivechat") ?>"></i>
215
  </td>
216
  <td valign='top'>
217
+ <input type="checkbox" value="1" name="wplc_enable_visitor_sound" <?php if(isset($wplc_settings['wplc_enable_visitor_sound']) && intval($wplc_settings['wplc_enable_visitor_sound']) == 1 ) { echo "checked"; } ?> />
218
  </td>
219
  </tr>
220
  <?php } ?>
223
  <?php _e("Play a sound when a new message is received","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Disable this to mute the sound that is played when a new chat message is received", "wplivechat") ?>"></i>
224
  </td>
225
  <td valign='top'>
226
+ <input type="checkbox" value="1" name="wplc_enable_msg_sound" <?php if(isset($wplc_settings['wplc_enable_msg_sound']) && intval($wplc_settings['wplc_enable_msg_sound']) == 1 ) { echo "checked"; } ?> />
227
  </td>
228
  </tr>
229
 
232
  <?php _e("Enable Font Awesome set","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Disable this if you have Font Awesome set included with your theme", "wplivechat") ?>"></i>
233
  </td>
234
  <td valign='top'>
235
+ <input type="checkbox" value="1" name="wplc_enable_font_awesome" <?php if(isset($wplc_settings['wplc_enable_font_awesome']) && intval($wplc_settings['wplc_enable_font_awesome']) == 1 ) { echo "checked"; } ?> />
236
  </td>
237
  </tr>
238
  <tr>
240
  <?php _e("Enable chat dashboard and notifications on all admin pages","wplivechat"); ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("This will load the chat dashboard on every admin page.", "wplivechat") ?>"></i>
241
  </td>
242
  <td valign='top'>
243
+ <input type="checkbox" value="1" name="wplc_enable_all_admin_pages" <?php if(isset($wplc_settings['wplc_enable_all_admin_pages']) && intval($wplc_settings['wplc_enable_all_admin_pages']) == 1 ) { echo "checked"; } ?> />
244
  </td>
245
  </tr>
246
  </table>
251
  <?php _e("Choose when I want to be online", "wplivechat") ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e('Checking this will allow you to change your status to Online or Offline on the Live Chat page.', 'wplivechat'); ?>"></i>
252
  </td>
253
  <td>
254
+ <input type="checkbox" value="1" name="wplc_auto_online" <?php if (isset($wplc_choose_data['wplc_auto_online']) && intval($wplc_choose_data['wplc_auto_online']) == 1) { echo "checked"; } ?> />
255
  </td>
256
  </tr>
257
  </table>
321
  <?php _e("Allow any user to make themselves a chat agent", "wplivechat") ?>: <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e('Checking this will allow any of your users to make themselves a chat agent when editing their profile.', 'wplivechat'); ?>"></i>
322
  </td>
323
  <td>
324
+ <input type="checkbox" value="1" name="wplc_make_agent" <?php if (isset($wplc_inex_data['wplc_make_agent']) && intval($wplc_inex_data['wplc_make_agent']) == 1) { echo "checked"; } ?> />
325
  </td>
326
  </tr>
327
 
367
  </td>
368
  <td valign='top'>
369
  <input type="checkbox" value="1"
370
+ name="wplc_enable_voice_notes_on_admin" <?php if ( isset( $wplc_settings['wplc_enable_voice_notes_on_admin'] ) && intval($wplc_settings['wplc_enable_voice_notes_on_admin']) == 1 ) {
371
  echo "checked";
372
  } ?> />
373
  </td>
380
  </td>
381
  <td valign='top'>
382
  <input type="checkbox" value="1"
383
+ name="wplc_enable_voice_notes_on_visitor" <?php if ( isset( $wplc_settings['wplc_enable_voice_notes_on_visitor'] ) && intval($wplc_settings['wplc_enable_voice_notes_on_visitor']) == 1 ) {
384
  echo "checked";
385
  } ?> />
386
  </td>
410
  <?php _e("Auto Pop-up","wplivechat") ?> <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("Expand the chat box automatically (prompts the user to enter their name and email address).","wplivechat") ?>"></i>
411
  </td>
412
  <td>
413
+ <input type="checkbox" name="wplc_auto_pop_up" value="1" <?php if(isset($wplc_settings['wplc_auto_pop_up']) && intval($wplc_settings['wplc_auto_pop_up']) == 1 ) { echo "checked"; } ?>/>
414
  </td>
415
  </tr>
416
 
419
  <?php _e("Display details in chat message", "wplivechat") ?>
420
  </td>
421
  <td>
422
+ <?php if (isset($wplc_settings['wplc_show_name']) && intval($wplc_settings['wplc_show_name']) == 1) { $checked = "checked"; } else { $checked = ''; } ?>
423
  <input type="checkbox" name="wplc_show_name" value="1" <?php echo $checked; ?>/> <label><?php _e("Show Name", "wplivechat"); ?></label><br/>
424
+ <?php if (isset($wplc_settings['wplc_show_avatar']) && intval($wplc_settings['wplc_show_avatar']) == 1) { $checked = "checked"; } else { $checked = ''; } ?>
425
  <input type="checkbox" name="wplc_show_avatar" value="1" <?php echo $checked; ?>/> <label><?php _e("Show Avatar", "wplivechat"); ?></label>
426
  </td>
427
  </tr>
442
  <?php _e("Display a timestamp in the chat window", "wplivechat") ?>
443
  </td>
444
  <td>
445
+ <?php if (isset($wplc_settings['wplc_show_date']) && intval($wplc_settings['wplc_show_date']) == 1) { $checked = "checked"; } else { $checked = ''; } ?>
446
  <input type="checkbox" name="wplc_show_date" value="1" <?php echo $checked; ?>/> <label><?php _e("Show Date", "wplivechat"); ?></label><br/>
447
+ <?php if (isset($wplc_settings['wplc_show_time']) && intval($wplc_settings['wplc_show_time']) == 1) { $checked = "checked"; } else { $checked = ''; } ?>
448
  <input type="checkbox" name="wplc_show_time" value="1" <?php echo $checked; ?>/> <label><?php _e("Show Time", "wplivechat"); ?></label>
449
  </td>
450
  </tr>
453
  <?php _e("Redirect user to thank you page when chat is ended", "wplivechat") ?> <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e("By checking this, users will be redirected to your thank you page when a chat is completed.", "wplivechat") ?>"></i>
454
  </td>
455
  <td>
456
+ <input type="checkbox" name="wplc_redirect_to_thank_you_page" value="1" <?php echo (isset($wplc_settings['wplc_redirect_to_thank_you_page']) && intval($wplc_settings['wplc_redirect_to_thank_you_page']) == 1 ? "checked" : "" ); ?> />
457
  <input type="text" name="wplc_redirect_thank_you_url" value="<?php echo (isset($wplc_settings['wplc_redirect_thank_you_url']) ? urldecode($wplc_settings['wplc_redirect_thank_you_url']) : '' ); ?>" placeholder="<?php _e('Thank You Page URL', 'wplivechat'); ?>" />
458
  </td>
459
  </tr>
490
  echo " </td>";
491
  echo " <td>";
492
  echo " <input type=\"checkbox\" name=\"wplc_typing_enabled\" value=\"1\"";
493
+ if (isset($wplc_settings['wplc_typing_enabled']) && intval($wplc_settings['wplc_typing_enabled']) == 1) { echo "checked"; }
494
  echo "/>";
495
  echo " <small><em>".__("For non-cloud server users, please note that this will increase the amount of server resources required.", "wplivechat")." </em></small>";
496
  echo " </td>";
595
  </td>
596
  <td>
597
  <select name='wplc_messagetone' id='wplc_messagetone'>
598
+ <?php $wplc_messagetone = str_replace("http:", "", realpath(WPLC_PLUGIN_URL.'includes/sounds/general/ding.mp3') ); ?>
599
  <option <?php if ($wplc_messagetone_selected == WPLC_PLUGIN_URL.'includes/sounds/general/ding.mp3') { echo "selected"; } ?> value='<?php echo $wplc_messagetone; ?>'><?php _e("Default","wplivechat"); ?></option>
600
  <?php
601
  $path = WPLC_PLUGIN_DIR."/includes/sounds/message/";
789
  </td>
790
  <td>
791
  <input type="checkbox" name="wplc_hide_when_offline" value="1" <?php
792
+ if (isset($wplc_settings['wplc_hide_when_offline']) && intval($wplc_settings['wplc_hide_when_offline']) == 1) {
793
  echo "checked";
794
  }
795
  ?>/>
859
 
860
  </table>
861
 
862
+
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
863
 
864
  <table class='form-table wp-list-table wplc_list_table widefat fixed striped pages'>
865
  <tr>
1264
  $blogusers = get_users( array( 'role' => 'administrator', 'fields' => array( 'display_name','ID','user_email' ) ) );
1265
  // Array of stdClass objects.
1266
  foreach ( $blogusers as $user ) {
1267
+ $is_agent = get_user_meta(intval( $user->ID ), 'wplc_ma_agent', true);
1268
+ if(!$is_agent){ echo '<option id="wplc_selected_agent_'. intval( $user->ID ) .'" em="' . md5(sanitize_email( $user->user_email )) . '" uid="' . intval( $user->ID ) . '" em2="' . sanitize_email( $user->user_email ) . '" name="' . sanitize_text_field( $user->display_name ) . '" value="' . intval( $user->ID ) . '">' . sanitize_text_field( $user->display_name ) . ' ('.__('Administrator','wplivechat').')</option>'; }
1269
  }
1270
  $blogusers = get_users( array( 'role' => 'editor', 'fields' => array( 'display_name','ID','user_email' ) ) );
1271
  // Array of stdClass objects.
1272
  foreach ( $blogusers as $user ) {
1273
+ $is_agent = get_user_meta(intval( $user->ID ), 'wplc_ma_agent', true);
1274
+ if(!$is_agent){ echo '<option id="wplc_selected_agent_'. intval( $user->ID ) .'" em="' . md5(sanitize_email( $user->user_email )) . '" uid="' . intval( $user->ID ) . '" em2="' . sanitize_email( $user->user_email ) . '" name="' . sanitize_text_field( $user->display_name ) . '" value="' . intval( $user->ID ) . '">' . sanitize_text_field( $user->display_name ) . ' ('.__('Editor','wplivechat').')</option>'; }
1275
  }
1276
  $blogusers = get_users( array( 'role' => 'author', 'fields' => array( 'display_name','ID','user_email' ) ) );
1277
  // Array of stdClass objects.
1278
  foreach ( $blogusers as $user ) {
1279
+ $is_agent = get_user_meta(intval( $user->ID ), 'wplc_ma_agent', true);
1280
+ if(!$is_agent){ echo '<option id="wplc_selected_agent_'. intval( $user->ID ) .'" em="' . md5(sanitize_email( $user->user_email )) . '" uid="' . intval( $user->ID ) . '" em2="' . sanitize_email( $user->user_email ) . '" name="' . sanitize_text_field( $user->display_name ) . '" value="' . intval( $user->ID ) . '">' . sanitize_text_field( $user->display_name ) . ' ('.__('Author','wplivechat').')</option>'; }
1281
  }
1282
  ?>
1283
  </select>
1403
  echo $content;
1404
  ?>
1405
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1406
  <?php do_action("wplc_hook_settings_page_more_tabs"); ?>
1407
 
1408
  </div>
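--- a/includes/shortcodes.php
+++ b/includes/shortcodes.php
@@ -1,5 +1,7 @@
  <?php
-
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
  add_filter("init","wplc_add_shortcode",10,4);
 
  function wplc_add_shortcode() {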
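--- a/includes/surveys.php
+++ b/includes/surveys.php
@@ -1,5 +1,9 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  add_filter("wplc_filter_setting_tabs","wplc_survey_filter_control_setting_tabs");
  function wplc_survey_filter_control_setting_tabs($tab_array) {
  $tab_array['survey'] = array(
@@ -78,8 +82,8 @@ function wplc_survey_hook_control_settings_page_more_tabs() {
  $nimble_user_id = $lead_form->uid;
  if (isset($lead_form->name)) {
  $cnt++;
- if( isset( $wplc_survey_data['lead_form'] ) && $wplc_survey_data['lead_form'] == $lead_form->id ){ $sel = 'selected'; } else { $sel = ''; }
- echo "<option value='".$lead_form->id."' $sel>".$lead_form->name."</option>";
+ if( isset( $wplc_survey_data['lead_form'] ) && intval($wplc_survey_data['lead_form']) == intval($lead_form->id) ){ $sel = 'selected'; } else { $sel = ''; }
+ echo "<option value='".intval($lead_form->id)."' $sel>".sanitize_text_field($lead_form->name)."</option>";
  }
  }
  echo "</select>";
@@ -129,27 +133,27 @@ function wplc_survey_save_settings() {
  if (isset($_POST['wplc_save_settings'])) {
 
  if (isset($_POST['wplc_enable_surveys'])) {
- $wplc_survey_data['wplc_enable_surveys'] = esc_attr($_POST['wplc_enable_surveys']);
+ $wplc_survey_data['wplc_enable_surveys'] = intval($_POST['wplc_enable_surveys']);
  } else {
  $wplc_survey_data['wplc_enable_surveys'] = 0;
  }
  if (isset($_POST['nimble_survey']) && $_POST['nimble_survey'] !== '0') {
- $wplc_survey_data['survey'] = esc_attr($_POST['nimble_survey']);
+ $wplc_survey_data['survey'] = sanitize_text_field($_POST['nimble_survey']);
  } else {
  $wplc_survey_data['survey'] = null;
  }
  if (isset($_POST['nimble_lead_form']) && $_POST['nimble_lead_form'] !== '0') {
- $wplc_survey_data['lead_form'] = esc_attr($_POST['nimble_lead_form']);
+ $wplc_survey_data['lead_form'] = sanitize_text_field($_POST['nimble_lead_form']);
  } else {
  $wplc_survey_data['lead_form'] = null;
  }
  if (isset($_POST['survey_user']) && $_POST['survey_user'] !== '0') {
- $wplc_survey_data['survey_user'] = esc_attr($_POST['survey_user']);
+ $wplc_survey_data['survey_user'] = sanitize_text_field($_POST['survey_user']);
  } else {
  $wplc_survey_data['survey_user'] = null;
  }
  if (isset($_POST['survey_display']) && $_POST['survey_display'] !== '0') {
- $wplc_survey_data['survey_display'] = esc_attr($_POST['survey_display']);
+ $wplc_survey_data['survey_display'] = sanitize_text_field($_POST['survey_display']);
  } else {
  $wplc_survey_data['survey_display'] = "1";
  }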
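Review bot: On the new `echo "<option value='...` line in wplc_survey_hook_control_settings_page_more_tabs, `sanitize_text_field($lead_form->name)` is an input sanitizer, not an output escaper: it strips tags but leaves quotes and `&` unencoded, so the name is still not escaped for the HTML context it is printed into. Escape at output instead, `esc_html( $lead_form->name )`; the `intval()` on the id is fine as it stands. In the save hunk the `$_POST` values go through `sanitize_text_field()` without `wp_unslash()`, and no nonce or capability check is visible. wplc_survey_save_settings starts before the hunk, so it is worth confirming that `check_admin_referer()` and `current_user_can()` run before these assignments.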
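--- a/includes/update_control.class.php
+++ b/includes/update_control.class.php
@@ -1,128 +0,0 @@
- <?php
-
- final class wplc_update_control {
-
- private static $instance;
- private $wplc_api_url;
- private $wplc_api_slug;
- private $wplc_api_key;
- private $wplc_extension_string;
- private $wplc_option;
- private $wplc_button;
- private $wplc_form_name;
- private $wplc_option_is_valid;
-
-
- public function set_slug($slug) {
- $this->wplc_api_slug = $slug;
- $this->wplc_option = $slug."_key";
- $this->wplc_option_is_valid = $slug."_isvalid";
- $this->wplc_button = $slug."_button";
- $this->wplc_form_name = $slug."_form";
- }
-
- public function set_api($api) {
- $this->wplc_api_key = $api;
- }
- public function set_custom_option($option) {
- $this->wplc_option = $option;
- }
-
- public function set_path($path) {
- $this->wplc_path = $path;
- }
- public function set_title($title) {
- $this->wplc_title = $title;
- }
- public function __clone() {
- // Cloning instances of the class is forbidden
- exit();
- }
- public function __wakeup() {
- // Unserializing instances of the class is forbidden
- exit();
- }
- public function set_api_url($url) {
- $this->wplc_api_url = $url;
- }
-
- public function activate() {
- $this->wplc_extension_string = $this->wplc_title;
- $this->wplc_api_url = WLPC_UPDATE_SERVER.'/auth_api/api-control/';
- add_filter("wplc_filter_api_page",array( $this, "wplc_filter_control_api_page" ),10,1);
- add_action("admin_init",array( $this, "wplc_save_api" ));
- add_action("after_plugin_row_{$this->wplc_path}", array( $this, "wplc_plugin_row" ), 10, 3 );
- }
-
-
- public function wplc_filter_control_api_page($page_content) {
- if (get_option($this->wplc_option)) {
- $args = array(
- 'slug' => 'wp-live-chat-support-pro',
- );
- $data_array = array(
- 'method' => 'POST',
- 'httpversion' => '1.0',
- 'sslverify' => false,
- 'body' => array(
- 'action' => 'api_validation',
- 'd' => get_option('siteurl'),
- 'request' => serialize($args),
- 'api_key' => get_option($this->wplc_option)
- ));
- $response = wp_remote_post($this->wplc_api_url, $data_array);
-
- if (is_array($response)) {
- if ( $response['response']['code'] == "200" ) {
- $data = $response['body'];
- $data = unserialize($data);
- } else {
- $data = array("message"=>"Unable to contact the host server at this point. Please try again later. Error: ".json_encode( $response ) );
- }
- } else {
- $data = array("message"=>"Unable to contact the host server at this point. Please try again later.");
- }
- $data_array = array(
- "data" => $data,
- "string" => $this->wplc_extension_string,
- "form_name" => $this->wplc_form_name,
- "option_name" => $this->wplc_option,
- "button" => $this->wplc_button,
- "is_valid" => $this->wplc_option_is_valid
-
- );
- } else {
- $data_array = array(
- "data" => null,
- "string" => $this->wplc_extension_string,
- "form_name" => $this->wplc_form_name,
- "option_name" => $this->wplc_option,
- "button" => $this->wplc_button,
- "is_valid" => 0
-
- );
-
- }
-
-
- if (function_exists("wplc_build_api_check")) { return wplc_build_api_check($page_content,$data_array); }
-
- return $page_content;
-
- }
-
- public function wplc_save_api() {
-
- if(isset($_POST[$this->wplc_button])){
- if(isset($_POST[$this->wplc_option])){
- update_option($this->wplc_option, sanitize_text_field($_POST[$this->wplc_option]));
- }
- }
- }
- public function wplc_plugin_row( $plugin_file, $plugin_data, $status ) {
- if (!get_option($this->wplc_option_is_valid)) {
- if (function_exists("wplc_plugin_row_invalid_api")) { wplc_plugin_row_invalid_api(); }
- }
- }
-
- }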
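--- a/includes/wplc_agent_data.php
+++ b/includes/wplc_agent_data.php
@@ -1,4 +1,7 @@
  <?php
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  add_action( 'edit_user_profile', 'wplc_user_profile_fields_mrg' );
  add_action( 'show_user_profile', 'wplc_user_profile_fields_mrg' );
@@ -12,7 +15,7 @@ function wplc_user_profile_fields_mrg( $user ){
  $ret .= "</th>";
  $ret .= "<td>";
  $ret .= "<label for='wplc_user_tagline'>";
- if ( get_the_author_meta( 'wplc_user_tagline', $user->ID ) != "" ) { $predefined = get_the_author_meta( 'wplc_user_tagline', $user->ID ); } else { $predefined = ""; }
+ if ( get_the_author_meta( 'wplc_user_tagline', $user->ID ) != "" ) { $predefined = sanitize_text_field( get_the_author_meta( 'wplc_user_tagline', $user->ID ) ); } else { $predefined = ""; }
  $ret .= "<textarea name='wplc_user_tagline' id='wplc_user_tagline' rows='6'>$predefined</textarea><br/>";
  $ret .= "<small>".__( 'This will show up at the top of the chatbox - Leave blank to disable.', 'wplivechat' )."</small>";
  $ret .= "</label>";
@@ -25,7 +28,7 @@ function wplc_user_profile_fields_mrg( $user ){
  $ret .= "</th>";
  $ret .= "<td>";
  $ret .= "<label for='wplc_user_bio'>";
- if ( get_the_author_meta( 'wplc_user_bio', $user->ID ) != "" ) { $predefined = get_the_author_meta( 'wplc_user_bio', $user->ID ); } else { $predefined = ""; }
+ if ( get_the_author_meta( 'wplc_user_bio', $user->ID ) != "" ) { $predefined = sanitize_text_field( get_the_author_meta( 'wplc_user_bio', $user->ID ) ); } else { $predefined = ""; }
  $ret .= "<textarea name='wplc_user_bio' id='wplc_user_bio' rows='6'>$predefined</textarea><br/>";
  $ret .= "<small>".__( 'This will show up at the top of the chatbox - Leave blank to disable.', 'wplivechat' )."</small>";
  $ret .= "</label>";
@@ -38,19 +41,19 @@ function wplc_user_profile_fields_mrg( $user ){
  $ret .= "</th>";
  $ret .= "<td>";
  $ret .= "<label for='wplc_user_twitter'>";
- if ( get_the_author_meta( 'wplc_user_twitter', $user->ID ) != "" ) { $predefined = get_the_author_meta( 'wplc_user_twitter', $user->ID ); } else { $predefined = ""; }
+ if ( get_the_author_meta( 'wplc_user_twitter', $user->ID ) != "" ) { $predefined = sanitize_text_field( get_the_author_meta( 'wplc_user_twitter', $user->ID ) ); } else { $predefined = ""; }
  $ret .= "<input name='wplc_user_twitter' id='wplc_user_twitter' value='$predefined' /> <em>".__("Twitter URL","wplivechat")."</em><br/>";
  $ret .= "</label>";
  $ret .= "<label for='wplc_user_linkedin'>";
- if ( get_the_author_meta( 'wplc_user_linkedin', $user->ID ) != "" ) { $predefined = get_the_author_meta( 'wplc_user_linkedin', $user->ID ); } else { $predefined = ""; }
+ if ( get_the_author_meta( 'wplc_user_linkedin', $user->ID ) != "" ) { $predefined = sanitize_text_field( get_the_author_meta( 'wplc_user_linkedin', $user->ID ) ); } else { $predefined = ""; }
  $ret .= "<input name='wplc_user_linkedin' id='wplc_user_linkedin' value='$predefined' /> <em>".__("LinkedIn URL","wplivechat")."</em><br/>";
  $ret .= "</label>";
  $ret .= "<label for='wplc_user_facebook'>";
- if ( get_the_author_meta( 'wplc_user_facebook', $user->ID ) != "" ) { $predefined = get_the_author_meta( 'wplc_user_facebook', $user->ID ); } else { $predefined = ""; }
+ if ( get_the_author_meta( 'wplc_user_facebook', $user->ID ) != "" ) { $predefined = sanitize_text_field( get_the_author_meta( 'wplc_user_facebook', $user->ID ) ); } else { $predefined = ""; }
  $ret .= "<input name='wplc_user_facebook' id='wplc_user_facebook' value='$predefined' /> <em>".__("Facebook URL","wplivechat")."</em><br/>";
  $ret .= "</label>";
  $ret .= "<label for='wplc_user_website'>";
- if ( get_the_author_meta( 'wplc_user_website', $user->ID ) != "" ) { $predefined = get_the_author_meta( 'wplc_user_website', $user->ID ); } else { $predefined = ""; }
+ if ( get_the_author_meta( 'wplc_user_website', $user->ID ) != "" ) { $predefined = sanitize_text_field( get_the_author_meta( 'wplc_user_website', $user->ID ) ); } else { $predefined = ""; }
  $ret .= "<input name='wplc_user_website' id='wplc_user_website' value='$predefined' /> <em>".__("Website URL","wplivechat")."</em><br/>";
  $ret .= "</label>";
  $ret .= "<small>".__( "This will show up at the top of the chatbox, in the agent's description - Leave each item blank to disable it.", 'wplivechat' )."</small>";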
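Review bot: `sanitize_text_field()` is used here as if it escaped output, but it does not encode quotes, so `$predefined` still lands unescaped inside the single-quoted `value='$predefined'` attributes of the twitter, linkedin, facebook and website inputs. A stored value containing `'` ends the attribute early. Escape for the context at the point of output instead, e.g. `$predefined = esc_attr( get_the_author_meta( 'wplc_user_twitter', $user->ID ) );` for the inputs and `esc_textarea( ... )` for the tagline and bio textareas. `sanitize_text_field()` also strips line breaks, which will flatten a multi-line bio in the six-row textarea. wplc_user_profile_fields_mrg begins and ends outside these hunks, so how `$ret` is finally emitted is not visible.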
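--- a/includes/wplc_custom_fields.php
+++ b/includes/wplc_custom_fields.php
@@ -1,4 +1,7 @@
  <?php
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  add_action( "wplc_pro_update_db_hook", "wplc_custom_fields_tables_mrg" );
  function wplc_custom_fields_tables_mrg(){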
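--- a/includes/wplc_data_triggers.php
+++ b/includes/wplc_data_triggers.php
@@ -1,4 +1,7 @@
  <?php
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  function wplc_triggers_page(){
  wplc_enqueue_admin_styles_mrg();
@@ -353,7 +356,7 @@ function wplc_add_trigger_mrg($trigger_data){
  if($trigger_data['trigger_enabled'] != ""){ $trigger_enabled = 1; }else{ $trigger_enabled = 0; }
 
  //Validation - 2
- $trigger_name = esc_attr($trigger_name);
+ $trigger_name = sanitize_text_field($trigger_name);
 
  $sql = "INSERT INTO $wplc_tblname_chat_triggers SET `name` = '%s', `type` = '%s', `content` = '%s', `show_content` = '%d', `status` = '%d' ";
  $sql = $wpdb->prepare($sql, $trigger_name, $trigger_type, $trigger_content, $trigger_replace, $trigger_enabled);
@@ -384,7 +387,7 @@ function wplc_edit_trigger_mrg($trigger_data, $trigger_id){
  if(isset($trigger_data['trigger_enabled']) && $trigger_data['trigger_enabled'] != ""){ $trigger_enabled = 1; }else{ $trigger_enabled = 0; }
 
  //Validation - 2
- $trigger_name = esc_attr($trigger_name);
+ $trigger_name = sanitize_text_field($trigger_name);
 
  $trigger_id = intval($trigger_id);
  $sql = "UPDATE $wplc_tblname_chat_triggers SET `name` = '%s', `type` = '%s', `content` = '%s', `show_content` = '%d', `status` = '%d' WHERE `id` = '%d' ";
@@ -476,8 +479,8 @@ function wplc_mrg_get_trigger_table(){
  $content .= "<td style='".(!is_bool(strpos($conflictations, $result->id)) && strpos($conflictations, $result->id) >= 0 ? "border-left:4px solid #ffba00" : "")."'>".$result->id."</td>";
  $content .= "<td>".$result->name."</td>";
  $content .= "<td>".__(wplc_get_type_from_code_mrg($result->type), "wplivechat")."</td>";
- $content .= "<td>".(strip_tags($trigger_content["pages"]) == "" ? __("All", "wplivechat") : strip_tags($trigger_content["pages"]))."</td>";
- $content .= "<td>".trim(substr(strip_tags($trigger_content["html"]), 0, 120))."...</td>";
+ $content .= "<td>".(sanitize_text_field($trigger_content["pages"]) == "" ? __("All", "wplivechat") : sanitize_text_field($trigger_content["pages"]))."</td>";
+ $content .= "<td>".trim(substr(wp_filter_post_kses($trigger_content["html"]), 0, 120))."...</td>";
  $content .= "<td>";
  $content .= "<div class='wplc_trigger_status ".($result->status == 1 ? "wplc_trigger_enabled" : "wplc_trigger_disabled")."'>";
  $content .= "<a href='?page=wplivechat-menu-triggers&wplc_action=trigger_status_change&trigger_id=".$result->id."&trigger_status=".($result->status == 1 ? "0" : "1")."' title='".__("Click to change trigger status", "wplivechat")."'>";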
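Review bot: New line 483 of `wplc_mrg_get_trigger_table()` runs the stored trigger HTML through `wp_filter_post_kses()` and then cuts it to 120 bytes with `substr()`, so markup allowed by the kses post rules now reaches the admin table cell and can be truncated in the middle of a tag, where the removed `strip_tags()` call left plain text. `wp_filter_post_kses()` is a save-time filter that expects and returns slashed data, so it also adds backslashes to the preview. For a plain-text preview I would write `esc_html( substr( wp_strip_all_tags( $trigger_content["html"] ), 0, 120 ) )`. The unchanged `$result->name` cell on line 480 is still concatenated without `esc_html()`; the `sanitize_text_field()` added on lines 359 and 390 filters on save, and output should not depend on every writer of the row having done so. The function starts and ends outside the hunk.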
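--- a/includes/wplc_departments.php
+++ b/includes/wplc_departments.php
@@ -3,6 +3,11 @@
  /*
  * Handles WPLC department functionality
  */
+
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  global $wplc_tblname_chat_departments;
  $wplc_tblname_chat_departments = $wpdb->prefix . "wplc_departments";
 
@@ -68,7 +73,7 @@ add_action("wplc_pro_custom_user_profile_field_after_content_hook", "wplc_mrg_de
  * @return void
  */
  function wplc_mrg_department_user_profile_departments($user){
- $user_is_agent = esc_attr(get_the_author_meta( 'wplc_ma_agent', $user->ID));
+ $user_is_agent = sanitize_text_field(get_the_author_meta( 'wplc_ma_agent', $user->ID));
  if($user_is_agent == "1"){
  $selected_department = intval(get_user_meta($user->ID, "wplc_user_department", true));
  if(current_user_can('manage_options', array(null))){
@@ -86,7 +91,7 @@ function wplc_mrg_department_user_profile_departments($user){
  if($departments){
  foreach($departments as $dep){
  ?>
- <option value="<?php echo $dep->id;?>" <?php echo ($selected_department === intval($dep->id) ? "SELECTED" : "" ); ?> ><?php echo $dep->name; ?></option>
+ <option value="<?php echo $dep->id;?>" <?php echo ($selected_department === intval($dep->id) ? "SELECTED" : "" ); ?> ><?php echo sanitize_text_field($dep->name); ?></option>
  <?php
  }
  }
@@ -384,7 +389,7 @@ function wplc_add_department_mrg($data){
  if($data['wplc_department_name'] != ""){ $data_name = $data['wplc_department_name']; } else { return false; }
 
  //Validation - 2
- $data_name = esc_attr($data_name);
+ $data_name = sanitize_text_field($data_name);
 
  $sql = "INSERT INTO $wplc_tblname_chat_departments SET `name` = '%s' ";
  $sql = $wpdb->prepare($sql, $data_name);
@@ -412,7 +417,7 @@ function wplc_edit_department_mrg($data, $id){
  if($data['wplc_department_name'] != ""){ $department_name = $data['wplc_department_name']; } else { return false; }
 
  //Validation - 2
- $department_name = esc_attr($department_name);
+ $department_name = sanitize_text_field($department_name);
 
  $id = intval($id);
  $sql = "UPDATE $wplc_tblname_chat_departments SET `name` = '%s' WHERE `id` = '%d' ";
@@ -546,7 +551,7 @@ function wplc_mrg_department_settings_tab_content() {
  if($departments){
  foreach($departments as $dep){
  ?>
- <option value="<?php echo $dep->id;?>" <?php echo ($selected_department === intval($dep->id) ? "SELECTED" : "" ); ?> ><?php echo $dep->name; ?></option>
+ <option value="<?php echo $dep->id;?>" <?php echo ($selected_department === intval($dep->id) ? "SELECTED" : "" ); ?> ><?php echo sanitize_text_field($dep->name); ?></option>
  <?php
  }
  }
@@ -661,7 +666,7 @@ function wplc_dashboard_department_selector_mrg(){
  $content .= "<option value='0' >" . __("No Department", "wplivechat") . "</option>";
  foreach($departments as $dep){
  // $content .= "<option value='" . $dep->id ."' " . (intval($default_department) === intval($dep->id) ? "SELECTED" : ""). ">" . $dep->name . "</option>";
- $content .= "<option value='" . $dep->id ."' ". (intval($current_selection) === intval($dep->id) ? "SELECTED" : ""). ">" . $dep->name . "</option>";
+ $content .= "<option value='" . $dep->id ."' ". (intval($current_selection) === intval($dep->id) ? "SELECTED" : ""). ">" . sanitize_text_field($dep->name) . "</option>";
 
  }
  $content .= "</select>";
@@ -765,7 +770,7 @@ add_action("wplc_start_chat_hook_after_data_insert", "wplc_mrg_department_user_s
  */
  function wplc_mrg_department_user_selected_department($cid){
  if(isset($_POST['wplc_user_selected_department'])){
- wplc_mrg_department_update_department($cid, $_POST['wplc_user_selected_department']);
+ wplc_mrg_department_update_department($cid, sanitize_text_field($_POST['wplc_user_selected_department']));
  } else {
  wplc_mrg_department_update_department($cid, null);
  }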
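Review bot: `sanitize_text_field()` is used as an output escaper for `$dep->name` on new lines 94, 554 and 669, but it is an input filter: it strips tags and does not HTML-encode quotes or ampersands the way `esc_html()` does. In the `<option>` text I would write `<?php echo esc_html( $dep->name ); ?>`, with `esc_attr( $dep->id )` for the `value` attribute beside it. On new line 773 the posted department id passes through `sanitize_text_field()`, which still hands arbitrary text to `wplc_mrg_department_update_department()`; the rest of this file casts ids with `intval()`, so `intval( $_POST['wplc_user_selected_department'] )` would be consistent, assuming the callee (not visible here) expects a numeric id. All of these functions start or end outside their hunks.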
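--- a/includes/wplc_roi.php
+++ b/includes/wplc_roi.php
@@ -2,6 +2,11 @@
  /*
  * Handles WPLC roi functionality
  */
+
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  global $wplc_tblname_chat_roi_goals;
  global $wplc_tblname_chat_roi_conversions;
 
@@ -142,8 +147,8 @@ function wplc_mrg_get_roi_goals_table(){
  $content .= "<tr>";
  $content .= "<td>".$result->id."</td>";
  $content .= "<td>".$result->name."</td>";
- $content .= "<td>".trim(substr(strip_tags($result->overview), 0, 120))."</td>";
- $content .= "<td>".(strip_tags($result->pages) == "" ? __("None", "wp-livechat") : strip_tags($result->pages))."</td>";
+ $content .= "<td>".trim(substr(sanitize_text_field($result->overview), 0, 120))."</td>";
+ $content .= "<td>".(sanitize_text_field($result->pages) == "" ? __("None", "wp-livechat") : sanitize_text_field($result->pages))."</td>";
  $content .= "<td>".$result->amount."</td>";
  $content .= "<td>".$roi_goal_actions."</td>";
  $content .= "</tr>";
@@ -295,10 +300,10 @@ function wplc_mrg_goal_dropdown_selector($name, $selected_value){
  if ( ! empty( $posts_pages ) ) {
  $class = '';
  if ( ! empty( $r['class'] ) ) {
- $class = " class='" . esc_attr( $r['class'] ) . "'";
+ $class = " class='" . sanitize_text_field( $r['class'] ) . "'";
  }
 
- $output = "<select name='" . esc_attr( $r['name'] ) . "'" . $class . " id='" . esc_attr( $r['id'] ) . "' value=".intval($selected_value).">\n";
+ $output = "<select name='" . sanitize_text_field( $r['name'] ) . "'" . $class . " id='" . sanitize_text_field( $r['id'] ) . "' value=".intval($selected_value).">\n";
 
  foreach ($posts_pages as $key => $value) {
  $output .= "\t<option value='".$value->ID."' ".(intval($value->ID) === intval($selected_value) ? "selected" : "").">" . $value->ID . " - " . $value->post_title . "</option>\n";
@@ -450,8 +455,8 @@ function wplc_add_goal_mrg($goal_data){
  if($goal_data['wplc_goal_value'] != ""){ $goal_value = $goal_data['wplc_goal_value']; } else { return false; }
 
  //Validation - 2
- $goal_name = esc_attr($goal_name);
- $goal_overview = esc_attr($goal_overview);
+ $goal_name = sanitize_text_field($goal_name);
+ $goal_overview = sanitize_text_field($goal_overview);
 
  $sql = "INSERT INTO $wplc_tblname_chat_roi_goals SET `name` = '%s', `pages` = '%s', `overview` = '%s', `amount` = '%s' ";
  $sql = $wpdb->prepare($sql, $goal_name, $goal_page, $goal_overview, $goal_value);
@@ -483,8 +488,8 @@ function wplc_edit_goal_mrg($goal_data, $goal_id){
  if($goal_data['wplc_goal_value'] != ""){ $goal_value = floatval($goal_data['wplc_goal_value']); } else { return false; }
 
  //Validation - 2
- $goal_name = esc_attr($goal_name);
- $goal_overview = esc_attr($goal_overview);
+ $goal_name = sanitize_text_field($goal_name);
+ $goal_overview = sanitize_text_field($goal_overview);
 
  $goal_id = intval($goal_id);
  $sql = "UPDATE $wplc_tblname_chat_roi_goals SET `name` = '%s', `pages` = '%s', `overview` = '%s', `amount` = '%s' WHERE `id` = '%d' ";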
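Review bot: New lines 303 and 306 of `wplc_mrg_goal_dropdown_selector()` swap `esc_attr()` for `sanitize_text_field()` inside single-quoted HTML attributes, which weakens the escaping: `sanitize_text_field()` strips tags but leaves `'` and `"` untouched, so a quote in `$r['class']`, `$r['name']` or `$r['id']` closes the attribute early. These three calls should stay `esc_attr()`, e.g. `$class = " class='" . esc_attr( $r['class'] ) . "'";`. Where `$r` is filled is outside the hunk, so whether these values can carry user input is not visible here. In `wplc_mrg_get_roi_goals_table()` the cells on lines 149 to 152 would likewise be better wrapped in `esc_html()` at output than left to the save-time filter added on lines 458-459 and 491-492.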
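--- a/includes/wplc_transfer_chats.php
+++ b/includes/wplc_transfer_chats.php
@@ -3,6 +3,10 @@
  * Handles the transferring of a chat
  */
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  add_filter("wplc_admin_chat_area_before_end_chat_button", "wplc_mrg_admin_transfer_tools", 15, 1);
  /**
  * Outputs (echo) the 'Transfer' button
@@ -531,13 +535,17 @@ function wplc_filter_control_chat_notification_auto_department_transfer_mrg($typ
  if($from_department === null){
  $msg .= __("selected department", "wplivechat");
  } else {
- $msg .= $from_department[0]->name;
+ if(!empty($from_department[0]) && !empty($from_department[0]->name)){
+ $msg .= $from_department[0]->name;
+ }
  }
  $msg .= ", " . __("automatically transferring you to", "wplivechat") . " ";
  if($to_department === null){
  $msg .= __("the next available department", "wplivechat");
  } else {
- $msg .= $to_department[0]->name;
+ if(!empty($to_department[0]) && !empty($to_department[0]->name)){
+ $msg .= $to_department[0]->name;
+ }
  }
  $msg .= ".";
 
@@ -565,11 +573,15 @@ function wplc_filter_control_chat_notification_auto_department_transfer_mrg($typ
  if($from_department === null){
  $msg .= __("department", "wplivechat");
  } else {
- $msg .= $from_department[0]->name;
+ if(!empty($from_department[0]) && !empty($from_department[0]->name)){
+ $msg .= $from_department[0]->name;
+ }
  }
 
  if($to_department !== null){
- $msg .= __(" to ", "wplivechat") . " " . $to_department[0]->name;
+ if(!empty($to_department[0]) && !empty($to_department[0]->name)){
+ $msg .= __(" to ", "wplivechat") . " " . $to_department[0]->name;
+ }
  }
  $msg .= " " . __("as there were no agents online") . ".";
 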
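Review bot: When the department lookup comes back non-null but empty, the new `!empty()` guards on lines 538, 546 and 576 skip the name and leave the sentence with a hole in it (for example `, automatically transferring you to .`). Treating an empty row like the `null` case keeps the message readable and removes the nested `if`: `if ( $from_department === null || empty( $from_department[0]->name ) ) {`, and the same condition for `$to_department`. The name is still appended as raw database text; if `$msg` ends up in HTML (its consumer is outside the hunk), `esc_html()` belongs at that point. The enclosing function starts and ends outside both hunks.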
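--- a/js/wplc_admin_pro.js
+++ b/js/wplc_admin_pro.js
@@ -1,24 +1,5 @@
 
  jQuery(function() {
-
-
-
-
-
- if(jQuery("input[type=radio][name='wplc_mail_type']:checked").val() === "php_mailer"){
- jQuery("#wplc_smtp_details").show();
- } else {
- jQuery("#wplc_smtp_details").hide();
- }
-
- jQuery('.wplc_mail_type_radio').click(
- function(e){
- if (jQuery(this).is(':checked') && jQuery(this).val() === "php_mailer"){
- jQuery("#wplc_smtp_details").show();
- } else {
- jQuery("#wplc_smtp_details").hide();
- }
- });
 
  jQuery("#wplc_localization_warning").hide()
  if(jQuery("#wplc_using_localization_plugin").is(":checked")){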
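--- a/js/wplc_agent_node.js
+++ b/js/wplc_agent_node.js
@@ -172,8 +172,8 @@ var bleeper_link_match_regex = /(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!,.
 
  query_string = "nc_api_key="+nifty_api_key+"&nc_agent_id="+agent_id;
 
- if(typeof wplc_pro_auth !== "undefined"){
- query_string += "&pro_auth=" + wplc_pro_auth;
+ if(typeof wplc_guid !== "undefined"){
+ query_string += "&guid=" + wplc_guid;
  }
 
  if(typeof bleeper_agent_verification_end_point !== "undefined"){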
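Review bot: `wplc_guid` is concatenated into `query_string` on new line 176 without `encodeURIComponent()`, so any `&`, `=` or `#` in the value changes the parameters the node server parses. I would write `query_string += "&guid=" + encodeURIComponent(wplc_guid);`; the same applies to new line 141 in `wplc_set_up_query_string()` in js/wplc_node.js. Where `wplc_guid` is defined is not visible in this diff, so a one-line comment above the check saying what the value is and who sets it would help the next reader. The surrounding function starts and ends outside the hunk.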
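--- a/js/wplc_node.js
+++ b/js/wplc_node.js
@@ -121,7 +121,7 @@ var bleeper_user_current_os = false; //When false the 'bleeper_get_operating_sys
  *
  * @return {string} guid
  */
- function wplc_guid() {
+ function wplc_jsguid() {
  var nav = window.navigator;
  var screen = window.screen;
  var guid = nav.mimeTypes.length;
@@ -137,8 +137,8 @@ function wplc_guid() {
  * Setup the socket query variable, which is appended to the socket connection whenever the soket connects to the node servers
  */
  function wplc_set_up_query_string() {
- if (typeof wplc_pro_auth !== "undefined") {
- query_string += "&pro_auth=" + wplc_pro_auth;
+ if (typeof wplc_guid !== "undefined") {
+ query_string += "&guid=" + wplc_guid;
  }
 
  if (typeof bleeper_user_ip_address !== "undefined") {
@@ -156,7 +156,7 @@ function wplc_set_up_query_string() {
  query_string += "&customer_id=" + bleeper_customerID;
  }
 
- bleeper_fingerprint = wplc_guid();
+ bleeper_fingerprint = wplc_jsguid();
  if (typeof bleeper_fingerprint !== "undefined" && bleeper_fingerprint !== '' && bleeper_fingerprint !== null) {
  query_string += "&bleeper_fingerprint=" + bleeper_fingerprint;
  }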
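Review bot: The doc block above `wplc_jsguid()` (new line 124) still only says `@return {string} guid`, and nothing records that the name `wplc_guid` is now read as a variable on line 140, which is presumably why the function was renamed. A short comment such as `// Browser fingerprint helper; must not be named wplc_guid, which is a variable read in wplc_set_up_query_string()` would stop a later edit from reintroducing the collision. Any other script that still calls `wplc_guid()` would now fail, which cannot be checked from these hunks. The function bodies continue outside the hunks.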
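--- a/js/wplc_tabs.js
+++ b/js/wplc_tabs.js
@@ -23,22 +23,6 @@ jQuery(function() {
 
  return active;
  }
-
-
- if(jQuery("input[type=radio][name='wplc_mail_type']:checked").val() === "php_mailer"){
- jQuery("#wplc_smtp_details").show();
- } else {
- jQuery("#wplc_smtp_details").hide();
- }
-
- jQuery('.wplc_mail_type_radio').click(
- function(e){
- if (jQuery(this).is(':checked') && jQuery(this).val() === "php_mailer"){
- jQuery("#wplc_smtp_details").show();
- } else {
- jQuery("#wplc_smtp_details").hide();
- }
- });
 
 
 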
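--- a/js/wplc_u_admin_events.js
+++ b/js/wplc_u_admin_events.js
@@ -39,24 +39,6 @@ jQuery(function(){
  jQuery("#toolbar-item-open-bleeper").show();
 
  }
-
- /*
-
- if(typeof bleeper_remote_form_data_array !== "undefined" && typeof bleeper_remote_form_api_url !== "undefined" && typeof bleeper_remote_form_route !== "undefined"){
- jQuery.post(wplc_baseurl + bleeper_remote_form_route, bleeper_remote_form_data_array, function(response) {
-
- }).done(function(response){
- jQuery(response).insertAfter("#bleeper_content_wrapper");
-
- // find closest server
-
-
-
- }).fail(function(){
- jQuery("#bleeper_inline_connection_error").fadeIn();
- });
- }
- */
  });
 
  var agent_dash_open = false;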
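--- a/js/wplc_u_admin_gif_integration.js
+++ b/js/wplc_u_admin_gif_integration.js
@@ -50,7 +50,6 @@ WPLC_U_Admin_GIF_Integration.prototype = {
  IMAGES: {
  ICO_CONFIRM_SEARCH: "Search",
  ICO_CLOSE_SEARCH: "X",
- LOADING: "https://media.tenor.com/images/d6cd5151c04765d1992edfde14483068/tenor.gif"
  },
 
  gif_settings: undefined,
@@ -333,7 +332,7 @@ WPLC_U_Admin_GIF_Integration.prototype = {
  searchBoxHtml += "</div>";
  searchBoxHtml += "<div class='gif-sb-body'>";
  searchBoxHtml += "<div class='gifs-container'></div>";
- searchBoxHtml += "<div class='gif-sb-loader hidden'><img src='"+ this.IMAGES.LOADING +"'></div>";
+ searchBoxHtml += "<div class='gif-sb-loader hidden'>Loading...</div>";
  searchBoxHtml += "</div>";
  searchBoxHtml += "<div class='gif-sb-footer'>";
  searchBoxHtml += this.MSGS.INSTRUCTIONS_GIF_SEARCH;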
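Review bot: The replacement loader text on new line 335 is the hard-coded literal `Loading...`, while the neighbouring user-visible text comes from `this.MSGS` (see `this.MSGS.INSTRUCTIONS_GIF_SEARCH` on line 338). Adding an entry to `MSGS` and writing `searchBoxHtml += "<div class='gif-sb-loader hidden'>" + this.MSGS.LOADING + "</div>";` would keep the string with the others; `LOADING` is a key name I am proposing, not one that exists on the page. The method that builds `searchBoxHtml` starts and ends outside the hunk.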
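--- a/modules/advanced_features.php
+++ b/modules/advanced_features.php
@@ -2,6 +2,9 @@
  /*
  * Adds beta/opt-on options
  */
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  add_filter("wplc_filter_setting_tabs","wplc_beta_settings_tab_heading");
  /**
@@ -47,15 +50,6 @@ function wplc_beta_settings_tab_content() {
  ?>
  <table class="wp-list-table wplc_list_table widefat fixed striped pages">
  <tbody>
- <tr>
- <td width="250" valign="top">
- <label for="wplc_use_node_server"><?php _e("Use our server to handle chats","wplivechat"); ?> <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e('Disabling this will result in the plugin reverting back to using the legacy chat dashboard.', 'wplivechat'); ?>"></i></label>
- </td>
- <td valign="top">
- <input type="checkbox" value="1" name="wplc_use_node_server" <?php if (isset($wplc_settings['wplc_use_node_server']) && $wplc_settings['wplc_use_node_server'] == '1') { echo "checked"; } ?>>
- <small><em><?php _e("Disabling this will revert the chat dashboard back to the legacy version.", "wplivechat"); ?></em></small>
- </td>
- </tr>
  <tr>
  <td width="250" valign="top">
  <label for="wplc_use_node_server"><?php _e("Chat server token","wplivechat"); ?> <i class="fa fa-question-circle wplc_light_grey wplc_settings_tooltip" title="<?php _e('Security token for accessing chats on the node server. Changing this will remove current chats', 'wplivechat'); ?>"></i></label>
@@ -113,10 +107,10 @@ add_filter("wplc_settings_save_filter_hook", "wplc_beta_settings_save_hooked", 1
  */
  function wplc_beta_settings_save_hooked($wplc_data){
 
- if (isset($_POST['wplc_use_node_server'])) { $wplc_data['wplc_use_node_server'] = esc_attr($_POST['wplc_use_node_server']); }
+ $wplc_data['wplc_use_node_server'] = '1';
 
  if (isset($_POST['wplc_node_token_input'])) {
- $wplc_node_new_token = esc_attr($_POST['wplc_node_token_input']);
+ $wplc_node_new_token = sanitize_text_field($_POST['wplc_node_token_input']);
  update_option("wplc_node_server_secret_token", $wplc_node_new_token);
  }
  if (isset($_POST['wplc_new_chat_ringer_count'])) {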
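Review bot: In `wplc_beta_settings_save_hooked()` the posted `wplc_node_token_input` is written to `wplc_node_server_secret_token` on new lines 113-114 with no check that it is non-empty, so saving the settings form with a blank field stores an empty secret token. I would guard the write with `if ( $wplc_node_new_token !== '' ) { update_option( "wplc_node_server_secret_token", $wplc_node_new_token ); }`. No nonce or capability check appears in the visible lines; presumably the code that applies `wplc_settings_save_filter_hook` performs it, which is worth confirming. The token row's `<label for="wplc_use_node_server">` on line 55 now points at the checkbox this commit removes. The function continues past the hunk.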
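--- a/modules/advanced_tools.php
+++ b/modules/advanced_tools.php
@@ -2,6 +2,9 @@
  /**
  * Holds all advanced tools functionality
  */
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  add_action("wplc_hook_menu", "wplc_at_add_menu_mrg");
  /**
@@ -144,7 +147,7 @@ function wplc_at_import_prompt_mrg(){
 
  if(isset($_FILES['wplc_at_import_file']['tmp_name'])){
  $row = 1;
- $file_ref = $_FILES['wplc_at_import_file']['tmp_name'];
+ $file_ref = realpath($_FILES['wplc_at_import_file']['tmp_name']);
  $handle = fopen($file_ref, "r");
  if ($handle !== FALSE) {
  while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
@@ -321,7 +324,7 @@ function wplc_at_export_history_mrg(){
  foreach ($results as $result) {
  if(function_exists("wplc_return_chat_messages")){
  $transcript = wplc_return_chat_messages($result['id'], false, false, false, false, 'string', false);
- $result['msg'] = strip_tags($transcript);
+ $result['msg'] = wp_filter_post_kses(strip_tags($transcript));
  }
 
  @fputcsv($output, $result);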
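Review bot: `realpath()` on new line 150 does not establish that `$_FILES['wplc_at_import_file']['tmp_name']` is a file PHP received as an upload, and it returns `false` when the path does not resolve, which is then passed straight to `fopen()`. The usual check before opening is `is_uploaded_file( $_FILES['wplc_at_import_file']['tmp_name'] )` together with `$_FILES['wplc_at_import_file']['error'] === UPLOAD_ERR_OK`, skipping the import when either fails. On new line 327, `wp_filter_post_kses()` is a slashing save-time filter, so it adds backslashes to the exported transcript, and it does nothing about cells that begin with `=`, `+`, `-` or `@`, which spreadsheet programs treat as formulas. Both functions start and end outside their hunks.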
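--- a/modules/api/wplc-api-functions.php
+++ b/modules/api/wplc-api-functions.php
@@ -1,9 +1,11 @@
  <?php
+ /* Handles all functions related to the WP Live Chat Support API */
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
 
- /* Handles all functions related to the WP Live Chat Support API */
-
  /*
  * Accepts a chat within the WP Live Chat Support Dashboard
  * Required GET/POST variables:
@@ -578,8 +580,12 @@ function wplc_api_return_sessions() {
  $user_ip = __('IP Address not recorded', 'wplivechat');
  }
 
- $browser = wplc_return_browser_string($user_data['user_agent']);
- $browser_image = wplc_return_browser_image($browser,"16");
+ $browser = 'Unknown';
+ $browser_image = '';
+ if(!empty($ip_info['user_agent'])){
+ $browser = wplc_return_browser_string($ip_info['user_agent']);
+ $browser_image = wplc_return_browser_image($browser,"16");
+ }
 
 
  $session_array[$result->id] = array();
@@ -730,294 +736,11 @@ function wplc_api_call_start_chat( WP_REST_Request $request ){
 
  }
 
-
-
- /**
- * EXPIRIMENTAL - Works when changing the ajaxurl to the relevat endpoint
- */
- function wplc_api_call_to_server_visitor(WP_REST_Request $request){
- $return_array = array();
- if(isset($request)){
- @ob_start();
- if(isset($request['security'])){
- $check = check_ajax_referer( 'wplc', 'security' );
- if ($check) {
-
-
-
- $wplc_advanced_settings = get_option("wplc_advanced_settings");
- if (!$wplc_advanced_settings) {
- $wplc_delay_between_updates = 500000;
- $wplc_delay_between_loops = 500000;
- $wplc_iterations = 55;
- } else {
- if (isset($wplc_advanced_settings['wplc_delay_between_updates'])) { $wplc_delay_between_updates = intval($wplc_advanced_settings['wplc_delay_between_updates']); } else { $wplc_delay_between_updates = 500000; }
- if (isset($wplc_advanced_settings['wplc_delay_between_loops'])) { $wplc_delay_between_loops = intval($wplc_advanced_settings['wplc_delay_between_loops']); } else { $wplc_delay_between_loops = 500000; }
- if (isset($wplc_advanced_settings['wplc_iterations'])) { $wplc_iterations = intval($wplc_advanced_settings['wplc_iterations']); } else { $wplc_iterations = 55; }
-
- if ($wplc_iterations < 10) { $wplc_iterations = 10; }
- if ($wplc_iterations > 200) { $wplc_iterations = 200; }
-
- if ($wplc_delay_between_updates < 250000) { $wplc_delay_between_updates = 250000; }
- if ($wplc_delay_between_updates > 1000000) { $wplc_delay_between_updates = 1000000; }
-
- if ($wplc_delay_between_loops < 250000) { $wplc_delay_between_loops = 250000; }
- if ($wplc_delay_between_loops > 1000000) { $wplc_delay_between_loops = 1000000; }
-
- }
-
-
- $iterations = $wplc_iterations;
-
-
-
- /* time in microseconds between updating the user on the page within the DB (lower number = higher resource usage) */
- define('WPLC_DELAY_BETWEEN_UPDATES', $wplc_delay_between_updates);
- /* time in microseconds between long poll loop (lower number = higher resource usage) */
- define('WPLC_DELAY_BETWEEN_LOOPS', $wplc_delay_between_loops);
- /* this needs to take into account the previous constants so that we dont run out of time, which in turn returns a 503 error */
- define('WPLC_TIMEOUT', (((WPLC_DELAY_BETWEEN_UPDATES + WPLC_DELAY_BETWEEN_LOOPS)) * $iterations) / 1000000);
-
-
-
- global $wpdb;
- global $wplc_tblname_chats;
- global $wplc_tblname_msgs;
-
-
-
-
- /* we're using PHP 'sleep' which may lock other requests until our script wakes up. Call this function to ensure that other requests can run without waiting for us to finish */
- session_write_close();
-
-
-
- $wplc_settings = get_option("WPLC_SETTINGS");
-
-
- if (defined('WPLC_TIMEOUT')) { @set_time_limit(WPLC_TIMEOUT); } else { @set_time_limit(120); }
- $i = 1;
- $array = array("check" => false);
- $array['debug'] = "";
-
- $cdata = false;
- if($request['cid'] == null || $request['cid'] == "" || $request['cid'] == "null" || $request['cid'] == 0){ } else {
- /* get agent ID */
-
- $cdata = wplc_get_chat_data(sanitize_text_field(intval($request['cid'])),__LINE__);
- $from = __("Admin","wplivechat"); /* set default */
-
- $array['aname'] = apply_filters("wplc_filter_admin_from", $from, $request['cid'],$cdata);
-
- }
-
- while($i <= $iterations) {
-
-
- if($request['cid'] == null || $request['cid'] == "" || $request['cid'] == "null" || $request['cid'] == 0){
- // echo 1;
-
- if( isset( $request['wplc_name'] ) && $request['wplc_name'] !== '' ){
- $user = sanitize_text_field($request['wplc_name']);
- } else {
- $user = "Guest";
- }
-
- if( isset( $request['wplc_email'] ) && $request['wplc_email'] !== '' ){
- $email = sanitize_text_field($request['wplc_email']);
- } else {
- $email = "no email set";
- }
-
- if(isset($request['wplc_is_mobile']) && ($request['wplc_is_mobile'] === 'true' || $request['wplc_is_mobile'] === true)){
- $is_mobile = true;
- } else {
- $is_mobile = false;
- }
-
- $cid = wplc_log_user_on_page($user,$email,sanitize_text_field($request['wplcsession']), $is_mobile);
- $array['cid'] = $cid;
-
- $array['status'] = wplc_return_chat_status($cid);
- $array['wplc_name'] = $user;
- $array['wplc_email'] = $email;
- $array['check'] = true;
-
- } else {
- // echo 2;
-
-
-
-
- $new_status = wplc_return_chat_status(sanitize_text_field($request['cid']));
- $array['wplc_name'] = sanitize_text_field($request['wplc_name']);
- $array['wplc_email'] = sanitize_text_field($request['wplc_email']);
- $array['cid'] = sanitize_text_field($request['cid']);
- $array['aid'] = sanitize_text_field($request['cid']);
-
- $array = apply_filters("wplc_filter_user_long_poll_chat_loop_iteration",$array,$request,$i,$cdata);
-
- if($new_status == $request['status']){ // if status matches do the following
- if($request['status'] != 2){
- /* check if session_variable is different? if yes then stop this script completely. */
- if (isset($request['wplcsession']) && $request['wplcsession'] != '' && $i > 1) {
- $wplc_session_variable = sanitize_text_field($request['wplcsession']);
- $current_session_variable = wplc_return_chat_session_variable(sanitize_text_field($request['cid']));
- if ($current_session_variable != "" && $current_session_variable != $wplc_session_variable) {
- /* stop this script */
- $array['status'] = 11;
- echo json_encode($array);
- die();
- }
- }
-
-
- if ($i == 1) {
- wplc_update_user_on_page(sanitize_text_field($request['cid']), sanitize_text_field($request['status']), sanitize_text_field($request['wplcsession']));
- }
- }
- if (intval($request['status']) == 0 || intval($request['status']) == 12){ // browsing - user tried to chat but admin didn't answer so turn back to browsing
- wplc_update_user_on_page(sanitize_text_field($request['cid']), 12, sanitize_text_field($request['wplcsession']));
- $array['status'] = 12;
-
- }
- else if($request['status'] == 3){
- $messages = wplc_return_user_chat_messages(sanitize_text_field($request['cid']),$wplc_settings,$cdata);
- if ($messages){
- wplc_mark_as_read_user_chat_messages(sanitize_text_field($request['cid']));
- $array['status'] = 3;
- $array['data'] = $messages;
- $array['check'] = true;
- }
- }
- else if(intval($request['status']) == 2){
- $messages = wplc_return_user_chat_messages(sanitize_text_field($request['cid']),$wplc_settings,$cdata);
- $array['debug'] = "we are here ".__LINE__;
- if ($messages){
- wplc_mark_as_read_user_chat_messages(sanitize_text_field($request['cid']));
- $array['status'] = 2;
- $array['data'] = $messages;
- $array['check'] = true;
- }
- }
-
- /* check if this is part of the first run */
- if (isset($request['first_run']) && sanitize_text_field($request['first_run']) == 1) {
- /* if yes, then send data now and dont wait for all iterations to complete */
- if (!isset($array['status'])) { $array['status'] = $new_status; }
- $array['check'] = true;
- }
- else if (isset($request['short_poll']) && sanitize_text_field($request['short_poll']) == "true") {
- /* if yes, then send data now and dont wait for all iterations to complete */
- if (!isset($array['status'])) { $array['status'] = $new_status; }
- $array['check'] = true;
- }
- } else { // statuses do not match
- $array['debug'] = $array['debug']. " ". "Doesnt match $new_status ".$request['status'];
- $array['status'] = $new_status;
- if($new_status == 1){ // completed
- wplc_update_user_on_page(sanitize_text_field($request['cid']), 8, sanitize_text_field($request['wplcsession']));
- $array['check'] = true;
- $array['status'] = 8;
- $array['data'] = __("Admin has closed and ended the chat","wplivechat");
- }
- else if(intval($new_status == 2)) { // pending
- $array['debug'] = "we are here ".__LINE__;
- $array['check'] = true;
- $array['wplc_name'] = wplc_return_chat_name(sanitize_text_field($request['cid']));
- $array['wplc_email'] = wplc_return_chat_email(sanitize_text_field($request['cid']));
- $messages = wplc_return_chat_messages(sanitize_text_field($request['cid']),false,true,$wplc_settings,$cdata,'array');
- if ($messages){
- $array['data'] = $messages;
- }
- }
- else if($new_status == 3){ // active
- $array['data'] = null;
- $array['check'] = true;
- if($request['status'] == 5){
- $messages = wplc_return_chat_messages(sanitize_text_field($request['cid']),false,true,$wplc_settings,$cdata,'array');
- if ($messages){
- $array['data'] = $messages;
- }
- }
- }
- else if($new_status == 7){ // timed out
- wplc_update_user_on_page(sanitize_text_field($request['cid']), 5, sanitize_text_field($request['wplcsession']));
- }
- else if($new_status == 9){ // user closed chat without inputting or starting a chat
- $array['check'] = true;
- }
- else if($new_status == 12){ // no answer from admin
- $array['data'] = wplc_return_no_answer_string(sanitize_text_field($request['cid']));
- $array['check'] = true;
- @do_action("wplc_hook_missed_chat",array("cid" => $request['cid'],"name" => $request['wplc_name'],"email" => $request['wplc_email']));
- }
- else if($new_status == 10){ // minimized active chat
- $array['check'] = true;
- if($request['status'] == 5){
- $messages = wplc_return_chat_messages(sanitize_text_field($request['cid']),false,true,$wplc_settings,$cdata,'array');
- if ($messages){
- $array['data'] = $messages;
- }
- }
- }
- /* check if this is part of the first run */
- if (isset($request['first_run']) && sanitize_text_field($request['first_run']) == "1") {
- /* if yes, then send data now and dont wait for all iterations to complete */
- if (!isset($array['status'])) { $array['status'] = $new_status; }
- $array['check'] = true;
- }
- else if (isset($request['short_poll']) && sanitize_text_field($request['short_poll']) == "true") {
- /* if yes, then send data now and dont wait for all iterations to complete */
- if (!isset($array['status'])) { $array['status'] = $new_status; }
- $array['check'] = true;
- }
- $array = apply_filters("wplc_filter_wplc_call_to_server_visitor_new_status_check",$array);
-
- }
- }
- if($array['check'] == true){
- echo json_encode($array);
- break;
- }
- $i++;
-
- if (defined('WPLC_DELAY_BETWEEN_LOOPS')) { usleep(WPLC_DELAY_BETWEEN_LOOPS); } else { usleep(500000); }
-
- @ob_end_flush();
-
- }
- die();
-
-
-
-
-
-
-
- } else {
- $return_array['response'] = "Nonce is invalid";
- $return_array['code'] = "401";
- }
- } else{
- $return_array['response'] = "No 'security' found";
- $return_array['code'] = "401";
- $return_array['requirements'] = array("security" => "YOUR_SECRET_TOKEN",
- "cid" => "Chat ID",
- "user" => "User type",
- 'type' => "TYPE");
- }
- }else{
- $return_array['response'] = "No request data found";
- $return_array['code'] = "400";
- $return_array['requirements'] = array("security" => "YOUR_SECRET_TOKEN",
- "cid" => "Chat ID",
- "user" => "User type",
- 'type' => "TYPE");
- }
-
- return $return_array;
- }
+ /*
+ * Function Removed: wplc_api_call_to_server_visitor
+ * Reason: Not in use unless manual override of AJAX path is added
+ * This is not possible for users, and was purely a conceptual piece of code
+ */
 
  /*
  * Upload end point
@@ -1605,23 +1328,23 @@ function wplc_api_remote_upload_handler_mrg($return_array, $request){
 
  if (isset($remote_files['file'])) {
 
- $file_name = strtolower( esc_attr($remote_files['file']['name']) );
+ $file_name = strtolower( sanitize_file_name($remote_files['file']['name']) );
  $file_name = basename($file_name); //This prevents traversal
 
  if(!wplc_check_file_name_for_unsafe_extension($file_name)){
  if(wplc_check_file_name_for_safe_extension($file_name)){
- if( file_exists( realpath($user_dirname . "/wp_live_chat/" . intval($request['cid']) . "/" . esc_attr($remote_files['file']['name']) )) ){
+ if( file_exists( realpath($user_dirname . "/wp_live_chat/" . intval($request['cid']) . "/" . sanitize_file_name($remote_files['file']['name']) )) ){
  $file_name = rand(0, 10) . "-" . $file_name;
  }
 
  $file_name = str_replace(" ", "_", $file_name);
 
- if(move_uploaded_file( realpath( esc_attr($remote_files['file']['tmp_name'])), realpath($user_dirname."/wp_live_chat/" . intval($request['cid']) . "/" . $file_name)) ){
+ if(move_uploaded_file( realpath( sanitize_file_name($remote_files['file']['tmp_name'])), realpath($user_dirname."/wp_live_chat/" . intval($request['cid']) . "/" . $file_name)) ){
 
  if(wplc_check_file_mime_type( realpath($user_dirname. "/wp_live_chat/" . intval($request['cid']) . "/" . $file_name) )){
  $response = realpath($upload_dir['baseurl']."/wp_live_chat/" . intval($request['cid']) . "/" . $file_name);
 
- $return_array['response'] = strip_tags($response);
+ $return_array['response'] = wp_filter_post_kses(strip_tags($response));
  } else {
  @unlink( realpath($user_dirname. "/wp_live_chat/" . intval($request['cid']) . "/" . $file_name) );
  $return_array['response'] = __('Security Violation - MIME Type not allowed', 'wplivechat');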
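Review bot: In wplc_api_remote_upload_handler_mrg() the new `move_uploaded_file( realpath( sanitize_file_name($remote_files['file']['tmp_name'])), …)` runs a filename sanitiser over the server-generated temp path; sanitize_file_name() strips path separators, so realpath() will most likely return false and every upload will fail. `tmp_name` is set by PHP and should be passed unchanged, `move_uploaded_file($remote_files['file']['tmp_name'], $destination)`, with `$destination` built without realpath(), which returns false for a file that does not exist yet. The collision check a few lines above tests `sanitize_file_name($remote_files['file']['name'])` while the stored name is the lower-cased, basename()d `$file_name`, so it should test `$file_name` instead. The handler starts and ends outside this hunk.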
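--- a/modules/api/wplc-api-routes.php
+++ b/modules/api/wplc-api-routes.php
@@ -1,7 +1,10 @@
  <?php
-
  /* Handles all routes related to the WP Live Chat Support API */
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  add_action('rest_api_init', 'wplc_rest_routes_init');
 
  function wplc_rest_routes_init() {
@@ -39,11 +42,6 @@ function wplc_rest_routes_init() {
  'callback' => 'wplc_api_get_sessions'
  ));
 
- register_rest_route('wp_live_chat_support/v1','/call_to_server_visitor', array(
- 'methods' => 'GET, POST',
- 'callback' => 'wplc_api_call_to_server_visitor'
- ));
-
  register_rest_route('wp_live_chat_support/v1','/start_chat', array(
  'methods' => 'GET, POST',
  'callback' => 'wplc_api_call_start_chat'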
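Review bot: The `register_rest_route()` calls that remain in this hunk, `/start_chat` and the `wplc_api_get_sessions` route that closes just above it, show only `methods` and `callback`, so access control appears to rest entirely on whatever each callback checks internally. Each registration should carry a `'permission_callback'` that verifies the caller (a capability check for agent-only routes, or the existing `security` token check moved there), so that a route cannot end up reachable by omission as the removed `call_to_server_visitor` registration was. wplc_rest_routes_init() continues outside the hunk, so the other routes need the same review.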
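--- a/modules/api/wplc-api.php
+++ b/modules/api/wplc-api.php
@@ -1,4 +1,7 @@
  <?php
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  if(class_exists("WP_REST_Request")){
  //The request class was found, move one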
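--- a/modules/cta_animations.php
+++ b/modules/cta_animations.php
@@ -2,6 +2,9 @@
  /**
  * Handles all call to action animations
  */
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  add_action('wplc_hook_styling_setting_bottom', 'wplc_mrg_call_to_action_settings_area');
  /**
@@ -61,7 +64,7 @@ add_filter('wplc_pro_setting_save_filter', 'wplc_mrg_call_to_action_anim_save');
  function wplc_mrg_call_to_action_anim_save( $settings ) {
  if(isset($_POST['wplc_save_settings'])){
  if(isset($_POST['wplc_pro_cta_anim'])){
- $settings['wplc_pro_cta_anim'] = esc_attr($_POST['wplc_pro_cta_anim']);
+ $settings['wplc_pro_cta_anim'] = sanitize_text_field($_POST['wplc_pro_cta_anim']);
  } else {
  $settings['wplc_pro_cta_anim'] = "false";
  }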
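Review bot: wplc_mrg_call_to_action_anim_save() acts as soon as `$_POST['wplc_save_settings']` is set, and no nonce or capability check is visible in the hunk; replacing `esc_attr()` with `sanitize_text_field()` cleans the value but does not establish who sent it. The same pattern, storing `$_POST` values with no visible request verification, appears in wplc_doc_sugg_save_settings_mrg(), wplc_gdpr_settings_save_hooked() and wplc_ga_integraton_save_settings(), the last of which goes straight on to `update_option('WPLC_GA_SETTINGS', $wplc_ga_data)`. Unless the code that fires these hooks already does so, each handler should verify `current_user_can()` for the capability that guards the settings page and call `check_admin_referer( 'ACTION_PLACEHOLDER' )` (placeholder; use the action the settings form emits) before reading `$_POST`. Since the only other value stored here is "false", comparing the input against the list of known animation names would be tighter than free-text sanitising.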
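--- a/modules/documentation_suggestions.php
+++ b/modules/documentation_suggestions.php
@@ -1,4 +1,7 @@
  <?php
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  add_filter("wplc_filter_setting_tabs","wplc_api_settings_tab_heading_doc_suggestions_mrg");
  function wplc_api_settings_tab_heading_doc_suggestions_mrg($tab_array) {
@@ -54,7 +57,7 @@ function wplc_doc_sugg_save_settings_mrg() {
  if (isset($_POST['wplc_save_settings'])) {
  $wplc_doc_sugg_data = array();
  if (isset($_POST['wplc_enable_doc_suggestions'])) {
- $wplc_doc_sugg_data['wplc_enable_doc_suggestions'] = esc_attr($_POST['wplc_enable_doc_suggestions']);
+ $wplc_doc_sugg_data['wplc_enable_doc_suggestions'] = sanitize_text_field($_POST['wplc_enable_doc_suggestions']);
  } else {
  $wplc_doc_sugg_data['wplc_enable_doc_suggestions'] = 0;
  }
@@ -202,7 +205,7 @@ function wplc_documentation_find_mrg($string) {
  $lev_title = levenshtein(wplc_tokenise_mrg($tmp_title,'string'), $original_string);
 
  $lev_content = 0;
- $words = preg_split('/\s+/', strip_tags($description));
+ $words = preg_split('/\s+/', wp_filter_post_kses(strip_tags($description)));
  foreach($words as $word)
  $lev_content += levenshtein($word, $original_string);
 
@@ -304,7 +307,7 @@ function wplc_remove_stop_words_mrg($string) {
  */
  function wplc_tokenise_mrg($string,$method = 'array') {
  $text = strtolower($string);
- $matches = strip_tags(html_entity_decode($text)); // strip the rest of the HTML code
+ $matches = wp_filter_post_kses(html_entity_decode($text)); // strip the rest of the HTML code
  $matches = str_replace(" "," ",$matches);
  $matches = preg_replace("/http(s)*:\/\/.+/i"," ",$matches);
  $matches = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $matches); // remove all non-utf8 characters
@@ -312,7 +315,7 @@ function wplc_tokenise_mrg($string,$method = 'array') {
  $matches = preg_replace('/\<script.*?\<\/script\>/ism', '', $matches); //remove script tags
  $matches = preg_replace('/\<style.*?\<\/style\>/ism', '', $matches); // remove style tags
  $matches = preg_replace( '|\[(.+?)\](.+?\[/\\1\])?|s', '', $matches); // remove square bracket tags
- $matches = strip_tags(html_entity_decode($matches)); // strip the rest of the HTML code
+ $matches = wp_filter_post_kses(html_entity_decode($matches)); // strip the rest of the HTML code
  $matches = preg_replace('/\s+/', ' ',$matches);
  $matches = str_replace("?","",$matches);
  $matches = str_replace("!","",$matches);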
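Review bot: In wplc_tokenise_mrg() the two `strip_tags(html_entity_decode(…))` calls became `wp_filter_post_kses(html_entity_decode(…))`, which no longer does what the trailing comment `// strip the rest of the HTML code` says: wp_filter_post_kses() keeps every tag allowed in post content and expects and returns slashed data. The tokens later compared with levenshtein() can therefore contain markup and added backslashes. For text that is only tokenised and compared, `wp_strip_all_tags(html_entity_decode($text))` matches the comment. In wplc_documentation_find_mrg() the new `wp_filter_post_kses(strip_tags($description))` adds only the slashing on top of strip_tags() and could stay `strip_tags($description)`. wplc_tokenise_mrg() continues outside the hunk.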
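--- a/modules/gdpr.php
+++ b/modules/gdpr.php
@@ -1,9 +1,12 @@
  <?php
-
  /**
  * GDPR Compliance Module
  */
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  add_filter("wplc_activate_default_settings_array", "wplc_gdpr_set_default_settings", 10, 1);
  /*
  * Sets the default GDPR options
@@ -89,7 +92,7 @@ add_filter("wplc_settings_save_filter_hook", "wplc_gdpr_settings_save_hooked", 1
  function wplc_gdpr_settings_save_hooked($wplc_data){
 
  if (isset($_POST['wplc_gdpr_enabled'])) {
- $wplc_data['wplc_gdpr_enabled'] = esc_attr($_POST['wplc_gdpr_enabled']);
+ $wplc_data['wplc_gdpr_enabled'] = sanitize_text_field($_POST['wplc_gdpr_enabled']);
  do_action('wplc_gdpr_reg_cron_hook');
 
  update_option('WPLC_GDPR_DISABLED_WARNING_DISMISSED', 'false');
@@ -97,9 +100,9 @@ function wplc_gdpr_settings_save_hooked($wplc_data){
  do_action('wplc_gdpr_de_reg_cron_hook');
  }
 
- if (isset($_POST['wplc_gdpr_notice_company'])) { $wplc_data['wplc_gdpr_notice_company'] = esc_attr($_POST['wplc_gdpr_notice_company']); }
- if (isset($_POST['wplc_gdpr_notice_retention_purpose'])) { $wplc_data['wplc_gdpr_notice_retention_purpose'] = esc_attr($_POST['wplc_gdpr_notice_retention_purpose']); }
- if (isset($_POST['wplc_gdpr_notice_retention_period'])) { $wplc_data['wplc_gdpr_notice_retention_period'] = esc_attr($_POST['wplc_gdpr_notice_retention_period']); }
+ if (isset($_POST['wplc_gdpr_notice_company'])) { $wplc_data['wplc_gdpr_notice_company'] = sanitize_text_field($_POST['wplc_gdpr_notice_company']); }
+ if (isset($_POST['wplc_gdpr_notice_retention_purpose'])) { $wplc_data['wplc_gdpr_notice_retention_purpose'] = sanitize_text_field($_POST['wplc_gdpr_notice_retention_purpose']); }
+ if (isset($_POST['wplc_gdpr_notice_retention_period'])) { $wplc_data['wplc_gdpr_notice_retention_period'] = sanitize_text_field($_POST['wplc_gdpr_notice_retention_period']); }
 
  return $wplc_data;
  }
@@ -138,7 +141,7 @@ function wplc_gdpr_page_layout(){
  <form method="GET" action="">
  <input type="hidden" name="wplc_gdpr_page_nonce" value="<?php echo $current_nonce; ?>">
  <input type="hidden" name="page" value='wplivechat-menu-gdpr-page'>
- <input name='term' type="text" value='<?php echo(isset($_GET['term']) ? htmlspecialchars($_GET['term']) : ''); ?>' placeholder="<?php _e('Name, Email, Message', 'wplivechat'); ?>" style='height:30px; width: 70%'>
+ <input name='term' type="text" value='<?php echo(isset($_GET['term']) ? htmlspecialchars(sanitize_text_field($_GET['term'])) : ''); ?>' placeholder="<?php _e('Name, Email, Message', 'wplivechat'); ?>" style='height:30px; width: 70%'>
 
  <?php do_action('wplc_gdpr_page_search_form_before_submit_hook'); ?>
 
@@ -150,7 +153,7 @@ function wplc_gdpr_page_layout(){
  <tbody>
  <?php
  if(isset($_GET['term'])){
- $results = wplc_gdpr_return_chat_session_search_results(htmlspecialchars($_GET['term']));
+ $results = wplc_gdpr_return_chat_session_search_results(htmlspecialchars(sanitize_text_field($_GET['term'])));
 
  foreach ($results as $heading => $sub_results) {
  $original_heading = $heading;
@@ -188,7 +191,7 @@ function wplc_gdpr_page_layout(){
 
  ?>
  <tr>
- <td><?php echo(__('Chat ID', 'wplivechat') . ": " . $cid ); ?></td>
+ <td><?php echo(__('Chat ID', 'wplivechat') . ": " . sanitize_text_field($cid) ); ?></td>
  <td>
  <?php
  foreach ($value as $subkey => $sub_val) {
@@ -199,8 +202,8 @@ function wplc_gdpr_page_layout(){
  ?>
  </td>
  <td>
- <a class='button' href='?page=wplivechat-menu-gdpr-page&term=<?php echo(htmlspecialchars($_GET["term"])); ?>&action=delete&filter=<?php echo $action_action_filter; ?>&id=<?php echo htmlspecialchars($cid); ?>&wplc_gdpr_page_nonce=<?php echo $current_nonce; ?>'><?php echo $delete_button_text; ?></a>
- <a class='button button-primary' href='?page=wplivechat-menu-gdpr-page&term=<?php echo(htmlspecialchars($_GET["term"])); ?>&action=download&filter=<?php echo $action_action_filter; ?>&id=<?php echo htmlspecialchars($cid); ?>&wplc_gdpr_page_nonce=<?php echo $current_nonce; ?>'><?php echo $download_button_text; ?></a>
+ <a class='button' href='?page=wplivechat-menu-gdpr-page&term=<?php echo(htmlspecialchars(sanitize_text_field($_GET["term"]))); ?>&action=delete&filter=<?php echo $action_action_filter; ?>&id=<?php echo htmlspecialchars($cid); ?>&wplc_gdpr_page_nonce=<?php echo $current_nonce; ?>'><?php echo $delete_button_text; ?></a>
+ <a class='button button-primary' href='?page=wplivechat-menu-gdpr-page&term=<?php echo(htmlspecialchars(sanitize_text_field($_GET["term"]))); ?>&action=download&filter=<?php echo $action_action_filter; ?>&id=<?php echo htmlspecialchars($cid); ?>&wplc_gdpr_page_nonce=<?php echo $current_nonce; ?>'><?php echo $download_button_text; ?></a>
  </td>
  </tr>
  <?php
@@ -585,7 +588,7 @@ function wplc_gdpr_disabled_warning(){
  $output .= "<p>" . $privacy_warning . " <a href='https://wp-livechat.com/privacy-policy/' target='_blank'>" . __('Privacy Policy', 'wplivechat') . "</a></p>";
  $output .= "<p>" . $final_warning . "</p>";
  $output .= "<a class='button' href='?page=wplivechat-menu-settings#tabs-privacy' >" . __("Privacy Settings", "wplivechat") . "</a> ";
- $output .= "<a class='button' href='?page=" . htmlspecialchars($_GET['page']) ."&wplc_gdpr_dismiss_notice=true' style='color: #fff;background-color: #bb0000;border-color: #c70000;'>" . __("Dismiss & Accept Responsibility", "wplivechat") . "</a>";
+ $output .= "<a class='button' href='?page=" . htmlspecialchars(sanitize_text_field($_GET['page'])) ."&wplc_gdpr_dismiss_notice=true' style='color: #fff;background-color: #bb0000;border-color: #c70000;'>" . __("Dismiss & Accept Responsibility", "wplivechat") . "</a>";
  $output .= "</div>";
  echo $output;
  }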
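Review bot: The `term` and `page` values are echoed into single-quoted attributes (`value='…'`, `href='?page=…&term=…'`) through `htmlspecialchars(sanitize_text_field(…))`, and neither call escapes a single quote on PHP versions where htmlspecialchars() defaults to ENT_COMPAT, so the value can still terminate the attribute. Output should be escaped for its context: `esc_attr( wp_unslash( $_GET['term'] ) )` for the input value, and `rawurlencode()` on each query-string value (or `add_query_arg()` with `esc_url()`) for the two action links and the dismiss link. `sanitize_text_field($cid)` in the Chat ID cell is input cleaning rather than output escaping; `esc_html( $cid )` is the matching call. The search itself should receive the term without HTML encoding, `wplc_gdpr_return_chat_session_search_results( sanitize_text_field( wp_unslash( $_GET['term'] ) ) )`, so the lookup is not run against entity-encoded text. wplc_gdpr_page_layout() and wplc_gdpr_disabled_warning() both start outside the hunks shown.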
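--- a/modules/google_analytics.php
+++ b/modules/google_analytics.php
@@ -1,5 +1,7 @@
  <?php
-
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
 
  /*
  * Adds 'Google Analytics' content to settings area
@@ -38,7 +40,7 @@ function wplc_ga_integraton_save_settings() {
  if (isset($_POST['wplc_save_settings'])) {
 
  $wplc_ga_data = array();
- if (isset($_POST['wplc_enable_ga'])) { $wplc_ga_data['wplc_enable_ga'] = esc_attr($_POST['wplc_enable_ga']); }
+ if (isset($_POST['wplc_enable_ga'])) { $wplc_ga_data['wplc_enable_ga'] = sanitize_text_field($_POST['wplc_enable_ga']); }
 
  update_option('WPLC_GA_SETTINGS', $wplc_ga_data);
 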
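--- a/modules/module_gif.php
+++ b/modules/module_gif.php
@@ -1,5 +1,9 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  add_action( 'wp_ajax_wplc_search_gif', 'wplc_search_gif' );
  add_action( 'wp_ajax_nopriv_my_action', 'wplc_search_gif');
 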
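Review bot: The context line `add_action( 'wp_ajax_nopriv_my_action', 'wplc_search_gif');` registers the GIF search handler for logged-out requests under the action name `my_action`, which looks like a leftover from sample code rather than an intended hook. If visitors are meant to search GIFs the hook would be `wp_ajax_nopriv_wplc_search_gif`; if not, the line should be dropped so the handler is reachable only by authenticated users. The body of wplc_search_gif() is outside the hunk, so whether it verifies a nonce cannot be seen here.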
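--- a/modules/node_server.php
+++ b/modules/node_server.php
@@ -3,6 +3,10 @@
  * Node Code -> Insert pun here
  */
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  define("BLEEPER_REMOTE_DASH_ROUTE", "remote_dashboard.php");
  define("BLEEPER_NODE_SERVER_URL", "https://livechat-016.us-3.evennode.com");
 
@@ -88,7 +92,7 @@ function wplc_admin_dashboard() {
  <?php if (!isset($variables['pro'])){ ?>
  <span class="agent_count">1 <a class="wplc-agent-info" id='wplc-agent-info' href="javascript:void(0);">Agent(s) Online</a></span>
  <?php } else { ?>
- <span class="agent_count"><?php echo (isset($variables['agent_count']) ? $variables['agent_count'] : "1"); ?> Agent(s) Online</span>
+ <span class="agent_count"><?php echo (isset($variables['agent_count']) ? intval($variables['agent_count']) : "1"); ?> Agent(s) Online</span>
  <?php } ?>
  <span class='history_link'><a href='./admin.php?page=wplivechat-menu-history' target='_BLANK' id='wplc_history_link'>Chat History</a></span>
  <div class='userListBox_Wrapper'>
@@ -506,7 +510,7 @@ function wplc_node_async_storage_ajax(){
  $chat_id = sanitize_text_field($_POST['chat_id']);
  $message_data = json_decode($_POST['messages']);
  $chat_session = wplc_return_chat_session_variable($chat_id);
- $action = $_POST['relay_action'];
+ $action = sanitize_text_field($_POST['relay_action']);
  if($message_data !== NULL){
  if($action == "wplc_user_send_msg"){
  foreach ($message_data as $message) {
@@ -747,12 +751,11 @@ function wplc_admin_remote_dashboard_scripts($wplc_settings){
 
 
  wp_localize_script('wplc-admin-js-agent', 'bleeper_remote_form_data_array', $form_data);
- wp_localize_script('wplc-admin-js-agent', 'bleeper_remote_form_api_url', WLPC_UPDATE_SERVER.'/remote_files/');
- wp_localize_script('wplc-admin-js-agent', 'bleeper_remote_form_route', 'dashboard.php');
+ wp_localize_script('wplc-admin-js-agent', 'bleeper_remote_form_route', 'dashboard.php');
 
 
  if ( isset( $_GET['page'] ) && $_GET['page'] === 'wplivechat-menu' ) {
- wp_localize_script('wplc-admin-js-agent', 'bleeper_in_dashboard', '1');
+ wp_localize_script('wplc-admin-js-agent', 'bleeper_in_dashboard', '1');
  } else {
  wp_localize_script('wplc-admin-js-agent', 'bleeper_in_dashboard', '0');
  }
@@ -782,9 +785,11 @@ function wplc_admin_remote_dashboard_scripts($wplc_settings){
  wp_localize_script('wplc-admin-js-agent', 'bleeper_agent_name', apply_filters("wplc_agent_display_name_filter", $agent_display_name) );
  wp_localize_script('wplc-admin-js-agent', 'nifty_api_key', get_option("wplc_node_server_secret_token"));
 
- //For node verification
- wp_localize_script('wplc-admin-js-agent', 'wplc_pro_auth', get_option('wp-live-chat-support-pro_key', "false"));
- wp_localize_script('wplc-admin-js-agent', 'bleeper_agent_verification_end_point', rest_url('wp_live_chat_support/v1/validate_agent'));
+ //For node verification
+ wplc_check_guid();
+
+ wp_localize_script('wplc-admin-js-agent', 'wplc_guid', get_option('WPLC_GUID', ''));
+ wp_localize_script('wplc-admin-js-agent', 'bleeper_agent_verification_end_point', rest_url('wp_live_chat_support/v1/validate_agent'));
  wp_localize_script('wplc-admin-js-agent', 'bleeper_disable_mongo', "true");
  wp_localize_script('wplc-admin-js-agent', 'bleeper_disable_add_message', "true");
  wp_localize_script('wplc-admin-js-agent', 'wplc_nonce', wp_create_nonce("wplc"));
@@ -972,45 +977,6 @@ if ( ! function_exists( "wplc_active_chat_box_notices" ) ) {
  }
  }
 
-
- /*
- * Checks if the API key is valid or not
- * Returns true or false
- */
- function wplc_node_compat_pro_api_key_is_valid_post(){
- $wplc_pro_validation_url = WLPC_UPDATE_SERVER."/auth_api/api-control/";
- $wplc_pro_option_key = "wp-live-chat-support-pro_key";
- $wplc_pro_slug = "wp-live-chat-support-pro";
- $is_valid = false; //By default it is false
- if (get_option($wplc_pro_option_key)) {
- $args = array(
- 'slug' => $wplc_pro_slug,
- );
- $data_array = array(
- 'method' => 'POST',
- 'body' => array(
- 'action' => 'api_validation',
- 'd' => get_option('siteurl'),
- 'request' => serialize($args),
- 'api_key' => get_option($wplc_pro_option_key)
- ));
- $response = wp_remote_post($wplc_pro_validation_url, $data_array);
- if (is_array($response)) {
- if ( $response['response']['code'] == "200" ) {
- $data = $response['body'];
- $data = unserialize($data);
-
- if(isset($data['status']) && $data['status'] === "OK"){
- $is_valid = true;
- }
- }
- }
-
- }
-
- return $is_valid;
- }
-
  add_action("admin_notices", "wplc_node_v8_plus_notice_dismissable");
  /*
  * Displays an admin notice (which can be dismissed), to notify any V8+ users of the node option (if not already checked)
@@ -1018,7 +984,7 @@ add_action("admin_notices", "wplc_node_v8_plus_notice_dismissable");
  function wplc_node_v8_plus_notice_dismissable() {
  $page='';
  if (isset($_GET['page'])){
- $page=preg_replace('/[^a-z0-9-]/', '', $_GET['page']);
+ $page=preg_replace('/[^a-z0-9-]/', '', sanitize_text_field($_GET['page']));
  }
  if (!empty($page) && strpos($page, 'wplivechat') === 0) { // only if it begins with wplivechat
  if (isset($_GET['wplc_dismiss_notice_v8']) && $_GET['wplc_dismiss_notice_v8'] === "true") {
@@ -1199,10 +1165,10 @@ function wplc_admin_remote_dashboard_localize_variables(){
 
  wp_localize_script( 'wplc-admin-js-agent', 'bleeper_default_department_tag', 'any' );
  }
- wp_localize_script( 'wplc-admin-js-agent', 'wplc_integration_pro_active', "true");
+ wp_localize_script( 'wplc-admin-js-agent', 'wplc_integration_pro_active', "true");
 
  if ( !empty( $user_department ) ) {
- wp_localize_script( 'wplc-admin-js-agent', 'bleeper_agent_department', $user_department);
+ wp_localize_script( 'wplc-admin-js-agent', 'bleeper_agent_department', $user_department);
  }
 
  if (isset($wplc_settings['wplc_node_disable_typing_preview']) && $wplc_settings['wplc_node_disable_typing_preview'] == '1') {
@@ -1213,13 +1179,14 @@ function wplc_admin_remote_dashboard_localize_variables(){
  } else {
  $wplc_ringtone_selected = WPLC_PLUGIN_URL.'includes/sounds/general/ring.wav';
  }
- if (isset($wplc_settings['wplc_messagetone'])) {
+
+ if (!empty($wplc_settings['wplc_messagetone'])) {
  $wplc_messagetone_selected = str_replace("http:", "", $wplc_settings['wplc_messagetone'] );
  } else {
  $wplc_messagetone_selected = WPLC_PLUGIN_URL.'includes/sounds/general/ding.mp3';
  }
 
- wp_localize_script( 'wplc-admin-js-agent', 'bleeper_ring_override', $wplc_ringtone_selected);
+ wp_localize_script( 'wplc-admin-js-agent', 'bleeper_ring_override', $wplc_ringtone_selected);
  wp_localize_script( 'wplc-admin-js-agent', 'bleeper_message_override', $wplc_messagetone_selected);
 
  wp_register_script('wplc-admin-chat-events-pro', WPLC_PLUGIN_URL . 'js/wplc_admin_pro_events.js', array("wplc-admin-js-agent", "wplc-admin-chat-events", "wplc-admin-chat-server"), WPLC_PLUGIN_VERSION, false); //Added this for async storage calls
@@ -1292,8 +1259,8 @@ add_action("wplc_admin_remote_dashboard_above", "wplc_admin_remote_dashboard_qui
  function wplc_admin_remote_dashboard_quick_responses_container_mrg(){
 
  $wplc_settings = get_option( 'WPLC_SETTINGS' );
- $wplc_quick_response_order_by = isset( $wplc_settings['wplc_quick_response_orderby'] ) ? esc_attr( $wplc_settings['wplc_quick_response_orderby'] ) : 'title';
- $wplc_quick_response_order = isset( $wplc_settings['wplc_quick_response_order'] ) ? esc_attr( $wplc_settings['wplc_quick_response_order'] ) : 'DESC';
+ $wplc_quick_response_order_by = isset( $wplc_settings['wplc_quick_response_orderby'] ) ? sanitize_text_field( $wplc_settings['wplc_quick_response_orderby'] ) : 'title';
+ $wplc_quick_response_order = isset( $wplc_settings['wplc_quick_response_order'] ) ? sanitize_text_field( $wplc_settings['wplc_quick_response_order'] ) : 'DESC';
  $args = array(
  'posts_per_page' => -1,
  'offset' => 0,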
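Review bot: In `wplc_node_async_storage_ajax` (new lines 510–516) `relay_action` is only ever compared with fixed strings, so an allow-list with a strict comparison fits better than `sanitize_text_field()`, for example `$action = isset($_POST['relay_action']) ? sanitize_key($_POST['relay_action']) : '';` followed by `if ($action === "wplc_user_send_msg") {`. The larger gap is that `$_POST['messages']` still goes into `json_decode()` untouched and each decoded `$message` is consumed by the loop that continues past the hunk; every field read from it needs sanitising or escaping at the point it is stored or echoed, because this is visitor-supplied chat content. None of the three `$_POST` keys is guarded with `isset()`, and no nonce or capability check is visible in these lines, so it is worth confirming one runs earlier in the function, which starts outside the hunk.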
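--- a/modules/offline_messages_custom_fields.php
+++ b/modules/offline_messages_custom_fields.php
@@ -1,4 +1,9 @@
  <?php
+
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  add_action( "wplc_hook_offline_custom_fields_integration_settings", "wplc_hook_control_offline_custom_fields_integration_settings", 10 );
 
  function wplc_hook_control_offline_custom_fields_integration_settings() {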
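--- a/modules/privacy.php
+++ b/modules/privacy.php
@@ -1,9 +1,12 @@
  <?php
-
  /**
  * Privacy module
  */
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  require_once (plugin_dir_path(__FILE__) . "gdpr.php");
 
  add_filter("wplc_filter_setting_tabs","wplc_privacy_settings_tab_heading");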
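--- a/modules/webhooks_manager.php
+++ b/modules/webhooks_manager.php
@@ -1,5 +1,9 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
+ }
+
  global $wplc_webhook_table, $wplc_webhook_events;
  $wplc_webhook_table = $wpdb->prefix . "wplc_webhooks";
 
@@ -119,8 +123,8 @@ function wplc_webhook_add_webhook(){
  }
 
  $event = intval($_POST['add_webhook_event']);
- $action_url = esc_attr($_POST['add_webhook_domain']);
- $method = isset($_POST['add_webhook_method']) ? esc_attr($_POST['add_webhook_method']) : "GET" ;
+ $action_url = sanitize_text_field($_POST['add_webhook_domain']);
+ $method = isset($_POST['add_webhook_method']) ? sanitize_text_field($_POST['add_webhook_method']) : "GET" ;
 
  $sql = "INSERT INTO $wplc_webhook_table SET `url` = '%s', `action` = '%s', `method` = '%s' ";
  $sql = $wpdb->prepare($sql, $action_url, $event, $method);
@@ -146,8 +150,8 @@ function wplc_webhook_edit_webhook(){
  }
 
  $event = intval($_POST['add_webhook_event']);
- $action_url = esc_attr($_POST['add_webhook_domain']);
- $method = isset($_POST['add_webhook_method']) ? esc_attr($_POST['add_webhook_method']) : "GET" ;
+ $action_url = sanitize_text_field($_POST['add_webhook_domain']);
+ $method = isset($_POST['add_webhook_method']) ? sanitize_text_field($_POST['add_webhook_method']) : "GET" ;
 
  $sql = "UPDATE $wplc_webhook_table SET `url` = '%s', `action` = '%s', `method` = '%s' WHERE `id` = '%d' LIMIT 1";
  $sql = $wpdb->prepare($sql, $action_url, $event, $method, $webhook_id);
@@ -380,53 +384,34 @@ function wplc_webhook_send($event_code, $payload){
  if($target_url !== false && $target_url !== ""){
  $result = "";
  if($method === "POST"){
-
- $options = array(
- 'http' => array(
- 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
- 'method' => $method,
- 'content' => http_build_query($payload)
+ /** Replaced with WP HTTP API Calls */
+
+ $response = wp_remote_post( $target_url, array(
+ 'method' => 'POST',
+ 'timeout' => 45,
+ 'redirection' => 5,
+ 'httpversion' => '1.0',
+ 'blocking' => true,
+ 'headers' => array(),
+ 'body' => $payload,
+ 'cookies' => array()
  )
  );
- $context = @stream_context_create($options);
- $result = @file_get_contents($target_url, false, $context);
-
- if(!$result){
- //Post failed, we try curly
- $curl = curl_init();
- curl_setopt_array($curl, array(
- CURLOPT_RETURNTRANSFER => 1,
- CURLOPT_URL => $target_url,
- CURLOPT_USERAGENT => 'WPLC Request',
- CURLOPT_POST => 1,
- CURLOPT_POSTFIELDS => $payload
- ));
- $result = curl_exec($curl);
- curl_close($curl);
- if(!$result){
- //This has failed twice
- $error_found = true;
- $result = "Failed! No Response.";
- }
+
+ if ( is_wp_error( $response ) ) {
+ //This has failed
+ $error_found = true;
+ $result = "Failed! No Response.";
  }
  } else {
+ /** Replaced with WP HTTP API Calls */
+
  $get_data = http_build_query($payload);
- $result = @file_get_contents($target_url."?".$get_data);
- if(!$result){
- //Get request failed with get contents - Gooi a curly
- $curl = curl_init();
- curl_setopt_array($curl, array(
- CURLOPT_RETURNTRANSFER => 1,
- CURLOPT_URL => $target_url."?".$get_data,
- CURLOPT_USERAGENT => 'WPLC Request'
- ));
- $result = curl_exec($curl);
- curl_close($curl);
- if(!$result){
- //This has failed twice
- $error_found = true;
- $result = "Failed! No Response.";
- }
+ $response = wp_remote_get($target_url."?".$get_data);
+ if ( is_wp_error( $response ) ) {
+ //This has failed
+ $error_found = true;
+ $result = "Failed! No Response.";
  }
  }
  }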
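Review bot: The new `wp_remote_post()` and `wp_remote_get()` calls in `wplc_webhook_send` (new lines 389 and 410) send requests to whatever URL is stored for the webhook, and the save paths in `wplc_webhook_add_webhook` and `wplc_webhook_edit_webhook` (new lines 126 and 153) only pass that URL through `sanitize_text_field()`, which validates neither scheme nor host. Storing it with `esc_url_raw( wp_unslash( $_POST['add_webhook_domain'] ) )`, restricting `add_webhook_method` to `GET` or `POST` with a strict `in_array()`, and switching to `wp_safe_remote_post()` / `wp_safe_remote_get()` would let WordPress reject internal or otherwise unsafe destinations. Separately, only `is_wp_error()` counts as failure here: a 4xx or 5xx reply leaves `$error_found` unset, and `$result` stays `""` on success because the body is never read with `wp_remote_retrieve_body()`. Whether later code depends on `$result` cannot be seen, as the function continues outside the hunk.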
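--- a/readme.txt
+++ b/readme.txt
@@ -99,6 +99,26 @@ One of the most important tasks of your website is to educate potential customer
 
  You now have the choice to host your live chat on either your own website (using your own resources) or our live chat server (using our resources). Making use of our live chat server will improve your chat's performance by up to 300% and reduce the load on your host. Although we initially built our live chat plugin to be used on your own website and for you to host your own live chat server, we now offer you the ability to make use of an offsite live chat server - this is perfect for users that are on low-level hosting packages, or users that are more concerned about live chat performance and chat security.
 
+ = External/3rd Party Services =
+
+ WP Live Chat Support makes use of the external services listed below in order to add functionality to the plugin to enrich user experience.
+
+ = WP Live Chat Activation API (https://activation.wp-livechat.com) (Required) =
+ We use a server side generated unique identifier (GUID) in order to guarantee proper identification and secure communication between agents and visitors connected to same website. This is needed because a client side identifier could be spoofed. The only information sent with this API is your website URL, so your personal data is not sent to our servers. We only store website URL and corresponding GUID. WP Live Chat Support Privacy Policy: https://wp-livechat.com/privacy-policy/
+
+ = Gravatar (https://en.gravatar.com/) (Required) =
+ We use Gravatars to generate user and agent avatars within the live chat environemnt. This process is anonymized using the hashed email address of the visitor or agent respectively. Gravatar Privacy Policy: https://automattic.com/privacy/
+
+ = Giphy (https://giphy.com/) (Optional) =
+ We allow the use of Giphy within the Gif integration system which allows agents and visitors to send gifs within the chat. This option can be disabled entirely, and is not enabled by default. This service does require an external API key for the respective service. Giphy Privacy Policy: https://giphy.com/privacy
+
+ = Tenor (https://tenor.com/) (Optional) =
+ We allow the use of Tenor within the Gif integration system which allows agents and visitors to send gifs within the chat. This option can be disabled entirely, and is not enabled by default. This service does require an external API key for the respective service. Tenor Privacy Policy: https://tenor.com/legal-terms
+
+ = Nimble Squirrel Surveys (http://nimblesquirrel.com/) (Optional) =
+ We allow integration With Nimble Squirrel Surveys to allow surveys to be included before/after a chat is started. This service is optional, and is not enabled by default. You can enable this service from within the survey settings menu. It will require an external registration on Nimble Squirrel in order to make use of the service. Nimble Squirrel Privacy Policy: http://nimblesquirrel.com/privacy-policy/
+
+
  = Translations =
 
  * English
@@ -189,6 +209,9 @@ If the live chat box still does not appear on your website, please go through th
 
 
  == Upgrade Notice ==
+ = 8.0.31 =
+ It is highly recommended that you upgrade to WP Live Chat Support version 8.0.30 for security reasons.
+
  = 8.0.30 =
  It is highly recommended that you upgrade to WP Live Chat Support version 8.0.30 for security reasons.
 
@@ -245,6 +268,18 @@ We have patched the PHPMailer vulnerability. Please update to version 7.0.02.
 
 
  == Changelog ==
+ = 8.0.31 - 2019-05-30 - High priority =
+ * Additional sanitization and security cleanup
+ * Added upgrade check to clear custom JS prior to version 8.0.31
+ * Updated readme to document use of external services
+ * Fixed a bug in departments transfer where name is not defined
+ * Fixed issue with GUID not being generated after re-activation
+ * Fixed issue with escape loop in settings area
+ * Removed setting to disable remote servers
+ * Removed local encryption functionality, every chat message is using HTTPS secure connection
+ * Removed AES and CryptoHelpers as these are no longer used
+ * Removed manual inclusion of SMTP and PHPMailer
+ * Removed mail type setting, along with SMTP options
 
  = 8.0.30 - 2019-05-20 - High priority =
  * Security revision, code updated with latest security best practices
@@ -263,6 +298,14 @@ We have patched the PHPMailer vulnerability. Please update to version 7.0.02.
  * Changed position/style of Online/Offline toggle
  * Changed loading of wplc_node.js file on the frontend to use wp_enqueue_script
  * Deprecated 'wplc_submit_find_us' handler as this is no longer in use
+ * Removed any reference to Pro version
+ * Replaced all CURL requests with WordPress HTTP API requests
+ * Removed hardocded media.tenor image reference (loading graphic in GIF integration)
+ * Replaced all 'esc_' calls with respective WordPress sanitization calls
+ * Added sanitization to all $_GET and $_POST variable to prevent any injection or storage of unsafe values
+ * Deprecated 'wplc_api_call_to_server_visitor' REST endpoint as it was not in use and made use of session data
+ * Removed AJAX use of 'ob_start' to improve performance
+ * Added checks to prevent direct file access.
 
  = 8.0.29 - 2019-05-17 - High priority =
  * Security fix in Custom JS configuration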
wp-live-chat-support.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: WP Live Chat Support
4
  Plugin URI: http://www.wp-livechat.com
5
  Description: The easiest to use website live chat plugin. Let your visitors chat with you and increase sales conversion rates with WP Live Chat Support.
6
- Version: 8.0.30
7
  Author: WP-LiveChat
8
  Author URI: http://www.wp-livechat.com
9
  Text Domain: wplivechat
@@ -11,6 +11,19 @@
11
  */
12
 
13
  /*
 
 
 
 
 
 
 
 
 
 
 
 
 
14
  * 8.0.30 - 2019-05-20 - High priority
15
  * Security revision, code updated with latest security best practices
16
  * Removed all external dependencies
@@ -28,6 +41,14 @@
28
  * Changed position/style of Online/Offline toggle
29
  * Changed loading of wplc_node.js file on the frontend to use wp_enqueue_script
30
  * Deprecated 'wplc_submit_find_us' handler as this is no longer in use
 
 
 
 
 
 
 
 
31
  *
32
  * 8.0.29 - 2019-05-17 - High priority
33
  * Security fix in Custom JS configuration
@@ -167,6 +188,10 @@
167
  * Fixed a bug that caused a fatal error on PHP 5.3 and below
168
  */
169
 
 
 
 
 
170
  global $wplc_p_version;
171
  global $wplc_tblname;
172
  global $wpdb;
@@ -231,7 +256,6 @@ function is_pro_present() {
231
  require_once (plugin_dir_path(__FILE__) . "includes/surveys.php");
232
  require_once (plugin_dir_path(__FILE__) . "includes/notification_control.php");
233
  require_once (plugin_dir_path(__FILE__) . "includes/modal_control.php");
234
- require_once (plugin_dir_path(__FILE__) . "includes/update_control.class.php");
235
  require_once (plugin_dir_path(__FILE__) . "includes/wplc_data_triggers.php");
236
  require_once (plugin_dir_path(__FILE__) . "includes/wplc_roi.php");
237
  require_once (plugin_dir_path(__FILE__) . "includes/wplc_departments.php");
@@ -256,9 +280,6 @@ require_once (plugin_dir_path(__FILE__) . "modules/api/wplc-api.php");
256
  require_once (plugin_dir_path(__FILE__) . "modules/cta_animations.php");
257
  require_once (plugin_dir_path(__FILE__) . "modules/advanced_tools.php");
258
 
259
- if (class_exists("AES")) { } else { require( 'includes/aes_fast.php'); }
260
- if (class_exists("cryptoHelpers")) { } else { require( 'includes/cryptoHelpers.php'); }
261
-
262
  // Gutenberg Blocks
263
  require_once (plugin_dir_path(__FILE__) . "includes/blocks/wplc-chat-box/index.php");
264
  require_once (plugin_dir_path(__FILE__) . "includes/blocks/wplc-inline-chat-box/index.php");
@@ -267,6 +288,7 @@ require_once (plugin_dir_path(__FILE__) . "includes/blocks/wplc-inline-chat-box/
267
  require_once (plugin_dir_path(__FILE__) . "includes/shortcodes.php");
268
 
269
  add_action('admin_init', 'detect_old_pro_plugin');
 
270
  add_action('init', 'wplc_version_control');
271
  add_action('init', 'wplc_init');
272
  add_action('init', 'wplc_mrg_create_macro_post_type',100);
@@ -380,6 +402,16 @@ function wplc_version_control() {
380
 
381
  }
382
 
 
 
 
 
 
 
 
 
 
 
383
 
384
  $admins = get_role('administrator');
385
  if( $admins !== null ) {
@@ -506,6 +538,30 @@ function wplc_hook_control_remove_transient() {
506
  delete_transient('wplc_is_admin_logged_in');
507
  }
508
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
509
  function wplc_action_callback() {
510
  global $wpdb;
511
  $check = check_ajax_referer('wplc', 'security');
@@ -525,14 +581,17 @@ function wplc_action_callback() {
525
  }
526
  } else if ($_POST['action'] == "wplc_user_send_offline_message") {
527
  $cid=intval($_POST['cid']);
528
- if (function_exists('wplc_send_offline_msg')){ wplc_send_offline_msg($_POST['name'], $_POST['email'], $_POST['msg'], $cid); }
529
- if (function_exists('wplc_store_offline_message')){ wplc_store_offline_message($_POST['name'], $_POST['email'], $_POST['msg']); }
 
 
 
530
  do_action("wplc_hook_offline_message",array(
531
  "cid"=>$cid,
532
- "name"=>$_POST['name'],
533
- "email"=>$_POST['email'],
534
  "url"=>get_site_url(),
535
- "msg"=>$_POST['msg']
536
  ));
537
  } else if ($_POST['action'] == "wplc_admin_set_transient") {
538
  do_action("wplc_hook_set_transient");
@@ -585,12 +644,6 @@ if (!function_exists("wplc_first_run_check")) {
585
  update_option("WPLC_CHOOSE_FIRST_RUN",true);
586
  }
587
 
588
- if (!get_option("WPLC_ENCRYPT_FIRST_RUN")) {
589
- $wplc_encrypt_data['wplc_enable_encryption'] = 0;
590
- update_option('WPLC_ENCRYPT_SETTINGS', $wplc_encrypt_data);
591
- update_option("WPLC_ENCRYPT_FIRST_RUN",true);
592
- }
593
-
594
  if (!get_option("WPLC_INEX_FIRST_RUN")) {
595
  $wplc_inex_data['wplc_exclude_from_pages'] = "";
596
  $wplc_inex_data['wplc_include_on_pages'] = "";
@@ -706,9 +759,6 @@ function wplc_admin_menu() {
706
  add_action("wplc_hook_menu","wplc_hook_control_menu");
707
  function wplc_hook_control_menu() {
708
  $check = apply_filters("wplc_filter_menu_api",0);
709
- if ($check > 0) {
710
- //add_submenu_page('wplivechat-menu', __('API Keys', 'wplivechat'), __('API Keys', 'wplivechat'), 'manage_options', 'wplivechat-menu-api-keys-page', 'wplc_api_keys_menu');
711
- }
712
  }
713
 
714
  /**
@@ -725,18 +775,6 @@ function wplc_mid_hook_control_menu($cap) {
725
  }
726
 
727
 
728
- function wplc_api_keys_menu() {
729
- $page_content = "<h1>".__("WP Live Chat Support API Key","wplivechat")."</h3>";
730
- $page_content .= "<p>".__("To find and manage your API key, please visit your <a target='_BLANK' href='https://wp-livechat.com/my-account/'>my account</a> page.","")."</p>";
731
-
732
- $page_content .= "<hr />";
733
- $page_content = apply_filters("wplc_filter_api_page",$page_content);
734
-
735
-
736
- echo $page_content;
737
- }
738
-
739
-
740
  add_action("wp_head","wplc_load_user_js",0);
741
 
742
 
@@ -844,7 +882,7 @@ function wplc_push_js_to_front() {
844
 
845
  //For node verification
846
 
847
- wp_localize_script('wplc-server-script', 'wplc_pro_auth', get_option('wp-live-chat-support-pro_key', "false"));
848
 
849
 
850
  //Emoji Libs
@@ -977,7 +1015,7 @@ function wplc_push_js_to_front() {
977
  'valid_name' => __( "Please enter your name", "wplivechat" ),
978
  'valid_email' => __( "Please enter your email address", "wplivechat" ),
979
  'server_connection_lost' => __("Connection to server lost. Please reload this page. Error: ", "wplivechat"),
980
- 'chat_ended_by_operator' => ( empty( $wplc_settings['wplc_text_chat_ended'] ) ) ? __("The chat has been ended by the operator.", "wplivechat") : esc_attr( $wplc_settings['wplc_text_chat_ended'] ) ,
981
  'empty_message' => __( "Please enter a message", "wplivechat" ),
982
  'disconnected_message' => __("Disconnected, attempting to reconnect...", "wplivechat"),
983
  );
@@ -1129,10 +1167,10 @@ function wplc_user_top_js() {
1129
  if($wplc_theme == 'theme-6') {
1130
  /* custom */
1131
 
1132
- if (isset($wplc_settings["wplc_settings_color1"])) { $wplc_settings_color1 = $wplc_settings["wplc_settings_color1"]; } else { $wplc_settings_color1 = "ED832F"; }
1133
- if (isset($wplc_settings["wplc_settings_color2"])) { $wplc_settings_color2 = $wplc_settings["wplc_settings_color2"]; } else { $wplc_settings_color2 = "FFFFFF"; }
1134
- if (isset($wplc_settings["wplc_settings_color3"])) { $wplc_settings_color3 = $wplc_settings["wplc_settings_color3"]; } else { $wplc_settings_color3 = "EEEEEE"; }
1135
- if (isset($wplc_settings["wplc_settings_color4"])) { $wplc_settings_color4 = $wplc_settings["wplc_settings_color4"]; } else { $wplc_settings_color4 = "666666"; }
1136
 
1137
 
1138
  ?>
@@ -2649,7 +2687,7 @@ function wplc_draw_chat_area($cid, $chat_data = false) {
2649
 
2650
  if (!$result->continue) { return; }
2651
 
2652
- echo"<div class='admin_chat_box'><div class='admin_chat_box_inner' id='admin_chat_box_area_" . $result->id . "'>".apply_filters( "wplc_chat_box_draw_chat_box_inner", "", $cid)."</div><div class='admin_chat_box_inner_bottom'>" . wplc_return_chat_response_box($cid, $result) . "</div>";
2653
 
2654
 
2655
  echo "</div>";
@@ -2942,8 +2980,9 @@ function wplc_return_admin_chat_javascript($cid) {
2942
 
2943
 
2944
  function wplc_activate() {
2945
-
2946
  wplc_handle_db();
 
2947
  if (!get_option("WPLC_SETTINGS")) {
2948
  $wplc_alt_text = __("Please click \'Start Chat\' to initiate a chat with an agent", "wplivechat");
2949
  $wplc_default_visitor_name = __( "Guest", "wplivechat" );
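Review bot: The unchanged line `$wplc_alt_text = __("Please click \'Start Chat\' to initiate a chat with an agent", "wplivechat");` puts `\'` inside a double-quoted string, where PHP does not treat it as an escape, so the default text assigned here keeps literal backslashes around Start Chat. The msgid then also differs from the unescaped form of the same sentence that the wplc_head hunk shows (on a line this commit rewrites, so its new form is not confirmed), which would make translations of the two diverge. Dropping the backslashes fixes both: `__("Please click 'Start Chat' to initiate a chat with an agent", "wplivechat")`. wplc_activate continues past the end of this hunk, and the lines the commit adds after `wplc_handle_db();` are not in view.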
@@ -3225,7 +3264,7 @@ function wplc_add_user_stylesheet() {
3225
 
3226
 
3227
  if ( isset( $wplc_settings['wplc_settings_bg'] ) ) {
3228
- if ( $wplc_settings['wplc_settings_bg'] == "0" ) { $bg = false; } else { $bg = esc_attr( $wplc_settings['wplc_settings_bg'] ); }
3229
  } else { $bg = "cloudy.jpg"; }
3230
  if ($bg) {
3231
  $bg = plugins_url('images/bg/'.$bg, __FILE__);
@@ -3344,7 +3383,7 @@ add_action( 'init', 'wplc_online_check_script', 10 );
3344
  * @return void
3345
  */
3346
  function wplc_online_check_script() {
3347
- if (esc_attr( get_the_author_meta( 'wplc_ma_agent', get_current_user_id() ) ) == "1"){
3348
  $ajax_nonce = wp_create_nonce("wplc");
3349
  wp_register_script( 'wplc-heartbeat', plugins_url( 'js/wplc_heartbeat.js', __FILE__ ), array( 'jquery' ), WPLC_PLUGIN_VERSION, true );
3350
  wp_enqueue_script( 'wplc-heartbeat' );
@@ -3363,7 +3402,7 @@ add_filter( 'heartbeat_received', 'wplc_heartbeat_receive', 10, 2 );
3363
  add_filter( 'heartbeat_nopriv_received', 'wplc_heartbeat_receive', 10, 2 );
3364
  function wplc_heartbeat_receive( $response, $data ) {
3365
  if ( array_key_exists('client',$data) && $data['client'] == 'wplc_heartbeat' ) {
3366
- if (esc_attr( get_the_author_meta( 'wplc_ma_agent', get_current_user_id() ) ) == "1"){
3367
  update_user_meta(get_current_user_id(), "wplc_chat_agent_online", time());
3368
  wplc_hook_control_set_transient();
3369
  }
@@ -3797,12 +3836,12 @@ function wplc_admin_display_offline_messages() {
3797
  echo "<tr><td></td><td>" . __("You have not received any offline messages.", "wplivechat") . "</td></tr>";
3798
  } else {
3799
  foreach ($results as $result) {
3800
- echo "<tr id=\"record_" . $result->id . "\">";
3801
- echo "<td class='chat_id column-chat_d'>" . $result->timestamp . "</td>";
3802
- echo "<td class='chat_name column_chat_name' id='chat_name_" . $result->id . "'><img src=\"//www.gravatar.com/avatar/" . md5($result->email) . "?s=30&d=mm\" /> " . $result->name . "</td>";
3803
- echo "<td class='chat_email column_chat_email' id='chat_email_" . $result->id . "'><a href='mailto:" . $result->email . "' title='Email " . ".$result->email." . "'>" . $result->email . "</a></td>";
3804
- echo "<td class='chat_name column_chat_url' id='chat_url_" . $result->id . "'>" . nl2br($result->message) . "</td>";
3805
- echo "<td class='chat_name column_chat_delete'><button class='button wplc_delete_message' title='".__('Delete Message', 'wplivechat')."' class='wplc_delete_message' mid='".$result->id."'><i class='fa fa-times'></i></button></td>";
3806
  echo "</tr>";
3807
  }
3808
  }
@@ -3926,115 +3965,114 @@ function wplc_head() {
3926
  do_action("wplc_hook_admin_settings_save");
3927
 
3928
  $wplc_choose_data = get_option("WPLC_CHOOSE_SETTINGS");
3929
- if(isset($_POST['wplc_auto_online'])){ $wplc_choose_data['wplc_auto_online'] = esc_attr($_POST['wplc_auto_online']);} else { $wplc_choose_data['wplc_auto_online'] = 0; }
3930
 
3931
- if (isset($_POST['wplc_enable_encryption'])) {$wplc_encrypt_data['wplc_enable_encryption'] = esc_attr($_POST['wplc_enable_encryption']);} else {$wplc_encrypt_data['wplc_enable_encryption'] = 0;}
3932
 
3933
- if (isset($_POST['wplc_include_on_pages'])) { $wplc_inex_data['wplc_include_on_pages'] = esc_attr($_POST['wplc_include_on_pages']); }
3934
- if (isset($_POST['wplc_exclude_from_pages'])) { $wplc_inex_data['wplc_exclude_from_pages'] = esc_attr($_POST['wplc_exclude_from_pages']); }
3935
- if (isset($_POST['wplc_exclude_post_types']) && ! empty($_POST['wplc_exclude_post_types'])) {foreach ( $_POST['wplc_exclude_post_types'] as $post_type ) { $wplc_inex_data['wplc_exclude_post_types'][] = esc_attr($post_type); } }
3936
- if (isset($_POST['wplc_exclude_home'])) { $wplc_inex_data['wplc_exclude_home'] = esc_attr($_POST['wplc_exclude_home']); }
3937
- if (isset($_POST['wplc_exclude_archive'])) { $wplc_inex_data['wplc_exclude_archive'] = esc_attr($_POST['wplc_exclude_archive']); }
3938
 
3939
- if (isset($_POST['wplc_make_agent'])) { $wplc_inex_data['wplc_make_agent'] = esc_attr($_POST['wplc_make_agent']); }
3940
 
3941
- if (isset($_POST['wplc_quick_response_orderby'])) { $wplc_data['wplc_quick_response_orderby'] = esc_attr($_POST['wplc_quick_response_orderby']); }
3942
- if (isset($_POST['wplc_quick_response_order'])) { $wplc_data['wplc_quick_response_order'] = esc_attr($_POST['wplc_quick_response_order']); }
3943
 
3944
- if ( isset( $_POST['wplc_enable_transcripts'] ) ) { $wplc_et_data['wplc_enable_transcripts'] = esc_attr( $_POST['wplc_enable_transcripts'] );} else {$wplc_et_data['wplc_enable_transcripts'] = 0;}
3945
- if ( isset( $_POST['wplc_send_transcripts_to'] ) ) {$wplc_et_data['wplc_send_transcripts_to'] = esc_attr( $_POST['wplc_send_transcripts_to'] ); } else {$wplc_et_data['wplc_send_transcripts_to'] = 'user'; }
3946
- if ( isset( $_POST['wplc_send_transcripts_when_chat_ends'] ) ) {$wplc_et_data['wplc_send_transcripts_when_chat_ends'] = esc_attr( $_POST['wplc_send_transcripts_when_chat_ends'] ); } else {$wplc_et_data['wplc_send_transcripts_when_chat_ends'] = 0;}
3947
 
3948
- if ( isset( $_POST['wplc_et_email_header'] ) ) {$wplc_et_data['wplc_et_email_header'] = esc_attr( $_POST['wplc_et_email_header'] ); }
3949
- if ( isset( $_POST['wplc_et_email_footer'] ) ) {$wplc_et_data['wplc_et_email_footer'] = esc_attr( $_POST['wplc_et_email_footer'] ); }
3950
- if ( isset( $_POST['wplc_et_email_body'] ) ) {$wplc_et_data['wplc_et_email_body'] = esc_html( $_POST['wplc_et_email_body'] );}
3951
 
3952
- if ( isset( $_POST['wplc_enable_voice_notes_on_admin'] ) ) {$wplc_data['wplc_enable_voice_notes_on_admin'] = esc_attr( $_POST['wplc_enable_voice_notes_on_admin'] );
3953
  } else {$wplc_data['wplc_enable_voice_notes_on_admin'] = "0";}
3954
- if ( isset( $_POST['wplc_enable_voice_notes_on_visitor'] ) ) { $wplc_data['wplc_enable_voice_notes_on_visitor'] = esc_attr( $_POST['wplc_enable_voice_notes_on_visitor'] );} else { $wplc_data['wplc_enable_voice_notes_on_visitor'] = "0";}
3955
 
3956
- if (isset($_POST['wplc_settings_align'])) { $wplc_data['wplc_settings_align'] = esc_attr($_POST['wplc_settings_align']); }
3957
- if (isset($_POST['wplc_settings_bg'])) { $wplc_data['wplc_settings_bg'] = esc_attr($_POST['wplc_settings_bg']); }
3958
- if (isset($_POST['wplc_environment'])) { $wplc_data['wplc_environment'] = esc_attr($_POST['wplc_environment']); }
3959
- if (isset($_POST['wplc_settings_fill'])) { $wplc_data['wplc_settings_fill'] = esc_attr($_POST['wplc_settings_fill']); }
3960
- if (isset($_POST['wplc_settings_font'])) { $wplc_data['wplc_settings_font'] = esc_attr($_POST['wplc_settings_font']); }
3961
- if (isset($_POST['wplc_settings_color1'])) { $wplc_data['wplc_settings_color1'] = esc_attr($_POST['wplc_settings_color1']); /* backwards compatibility for pro */ $wplc_data['wplc_settings_fill'] = esc_attr($_POST['wplc_settings_color1']); }
3962
- if (isset($_POST['wplc_settings_color2'])) { $wplc_data['wplc_settings_color2'] = esc_attr($_POST['wplc_settings_color2']); /* backwards compatibility for pro */ $wplc_data['wplc_settings_font'] = esc_attr($_POST['wplc_settings_color2']); }
3963
- if (isset($_POST['wplc_settings_color3'])) { $wplc_data['wplc_settings_color3'] = esc_attr($_POST['wplc_settings_color3']); }
3964
- if (isset($_POST['wplc_settings_color4'])) { $wplc_data['wplc_settings_color4'] = esc_attr($_POST['wplc_settings_color4']); }
3965
-
3966
- if (isset($_POST['wplc_settings_enabled'])) { $wplc_data['wplc_settings_enabled'] = esc_attr($_POST['wplc_settings_enabled']); }
3967
- if (isset($_POST['wplc_powered_by_link'])) { $wplc_data['wplc_powered_by_link'] = esc_attr($_POST['wplc_powered_by_link']); }
3968
- if (isset($_POST['wplc_auto_pop_up'])) { $wplc_data['wplc_auto_pop_up'] = esc_attr($_POST['wplc_auto_pop_up']); }
3969
- if (isset($_POST['wplc_require_user_info'])) { $wplc_data['wplc_require_user_info'] = esc_attr($_POST['wplc_require_user_info']); } else { $wplc_data['wplc_require_user_info'] = "0"; }
3970
- if (isset($_POST['wplc_user_default_visitor_name']) && $_POST['wplc_user_default_visitor_name'] != '') { $wplc_data['wplc_user_default_visitor_name'] = esc_attr($_POST['wplc_user_default_visitor_name']); } else { $wplc_data['wplc_user_default_visitor_name'] = __("Guest", "wplivechat"); }
3971
- if (isset($_POST['wplc_loggedin_user_info'])) { $wplc_data['wplc_loggedin_user_info'] = esc_attr($_POST['wplc_loggedin_user_info']); } else { $wplc_data['wplc_loggedin_user_info'] = "0"; }
3972
- if (isset($_POST['wplc_user_alternative_text']) && $_POST['wplc_user_alternative_text'] != '') { $wplc_data['wplc_user_alternative_text'] = esc_attr($_POST['wplc_user_alternative_text']); } else { $wplc_data['wplc_user_alternative_text'] = __("Please click 'Start Chat' to initiate a chat with an agent", "wplivechat"); }
3973
- if (isset($_POST['wplc_enabled_on_mobile'])) { $wplc_data['wplc_enabled_on_mobile'] = esc_attr($_POST['wplc_enabled_on_mobile']); } else { $wplc_data['wplc_enabled_on_mobile'] = "0"; }
3974
- if (isset($_POST['wplc_display_name'])) { $wplc_data['wplc_display_name'] = esc_attr($_POST['wplc_display_name']); }
3975
- if (isset($_POST['wplc_display_to_loggedin_only'])) { $wplc_data['wplc_display_to_loggedin_only'] = esc_attr($_POST['wplc_display_to_loggedin_only']); }
3976
- if (isset($_POST['wplc_redirect_to_thank_you_page'])) { $wplc_data['wplc_redirect_to_thank_you_page'] = esc_attr($_POST['wplc_redirect_to_thank_you_page']); }
3977
- if (isset($_POST['wplc_redirect_thank_you_url'])) { $wplc_data['wplc_redirect_thank_you_url'] = urlencode(str_replace("https:", "", str_replace("http:", "", $_POST['wplc_redirect_thank_you_url']) ) ); }
3978
- if (isset($_POST['wplc_is_gif_integration_enabled'] )){ $wplc_data['wplc_is_gif_integration_enabled'] = esc_attr($_POST['wplc_is_gif_integration_enabled']); }
3979
- if (isset($_POST['wplc_preferred_gif_provider'])) { $wplc_data['wplc_preferred_gif_provider'] = esc_attr($_POST['wplc_preferred_gif_provider']); }
3980
- if (isset($_POST['wplc_giphy_api_key'])) { $wplc_data['wplc_giphy_api_key'] = esc_attr($_POST['wplc_giphy_api_key']); }
3981
- if (isset($_POST['wplc_tenor_api_key'])) { $wplc_data['wplc_tenor_api_key'] = esc_attr($_POST['wplc_tenor_api_key']); }
3982
  $wplc_data['wplc_disable_emojis'] = !empty($_POST['wplc_disable_emojis']);
3983
  $wplc_data['wplc_record_ip_address'] = "0";
3984
- if(isset($_POST['wplc_enable_msg_sound'])){ $wplc_data['wplc_enable_msg_sound'] = esc_attr($_POST['wplc_enable_msg_sound']); } else { $wplc_data['wplc_enable_msg_sound'] = "0"; }
3985
- if(isset($_POST['wplc_enable_visitor_sound'])){ $wplc_data['wplc_enable_visitor_sound'] = esc_attr($_POST['wplc_enable_visitor_sound']); } else { $wplc_data['wplc_enable_visitor_sound'] = "0"; }
3986
- if(isset($_POST['wplc_enable_font_awesome'])){ $wplc_data['wplc_enable_font_awesome'] = esc_attr($_POST['wplc_enable_font_awesome']); } else { $wplc_data['wplc_enable_font_awesome'] = "0"; }
3987
- if(isset($_POST['wplc_enable_all_admin_pages'])){ $wplc_data['wplc_enable_all_admin_pages'] = esc_attr($_POST['wplc_enable_all_admin_pages']); } else { $wplc_data['wplc_enable_all_admin_pages'] = "0"; }
3988
- if (isset($_POST['wplc_pro_na'])) { $wplc_data['wplc_pro_na'] = esc_attr($_POST['wplc_pro_na']); }
3989
- if (isset($_POST['wplc_hide_when_offline'])) { $wplc_data['wplc_hide_when_offline'] = esc_attr($_POST['wplc_hide_when_offline']); }
3990
- if (isset($_POST['wplc_pro_chat_email_address'])) { $wplc_data['wplc_pro_chat_email_address'] = esc_attr($_POST['wplc_pro_chat_email_address']); }
3991
- if (isset($_POST['wplc_pro_chat_email_offline_subject'])) { $wplc_data['wplc_pro_chat_email_offline_subject'] = esc_attr($_POST['wplc_pro_chat_email_offline_subject']); }
3992
- if (isset($_POST['wplc_pro_offline1'])) { $wplc_data['wplc_pro_offline1'] = esc_attr($_POST['wplc_pro_offline1']); }
3993
- if (isset($_POST['wplc_pro_offline2'])) { $wplc_data['wplc_pro_offline2'] = esc_attr($_POST['wplc_pro_offline2']); }
3994
- if (isset($_POST['wplc_pro_offline3'])) { $wplc_data['wplc_pro_offline3'] = esc_attr($_POST['wplc_pro_offline3']); }
3995
- if (isset($_POST['wplc_pro_offline_btn'])) { $wplc_data['wplc_pro_offline_btn'] = esc_attr($_POST['wplc_pro_offline_btn']); }
3996
- if (isset($_POST['wplc_pro_offline_btn_send'])) { $wplc_data['wplc_pro_offline_btn_send'] = esc_attr($_POST['wplc_pro_offline_btn_send']); }
3997
- if (isset($_POST['wplc_using_localization_plugin'])){ $wplc_data['wplc_using_localization_plugin'] = esc_attr($_POST['wplc_using_localization_plugin']); }
3998
- if (isset($_POST['wplc_pro_fst1'])) { $wplc_data['wplc_pro_fst1'] = esc_attr($_POST['wplc_pro_fst1']); }
3999
- if (isset($_POST['wplc_pro_fst2'])) { $wplc_data['wplc_pro_fst2'] = esc_attr($_POST['wplc_pro_fst2']); }
4000
- if (isset($_POST['wplc_pro_fst3'])) { $wplc_data['wplc_pro_fst3'] = esc_attr($_POST['wplc_pro_fst3']); }
4001
- if (isset($_POST['wplc_pro_sst1'])) { $wplc_data['wplc_pro_sst1'] = esc_attr($_POST['wplc_pro_sst1']); }
4002
- if (isset($_POST['wplc_pro_sst1_survey'])) { $wplc_data['wplc_pro_sst1_survey'] = esc_attr($_POST['wplc_pro_sst1_survey']); }
4003
- if (isset($_POST['wplc_pro_sst1e_survey'])) { $wplc_data['wplc_pro_sst1e_survey'] = esc_attr($_POST['wplc_pro_sst1e_survey']); }
4004
- if (isset($_POST['wplc_pro_sst2'])) { $wplc_data['wplc_pro_sst2'] = esc_attr($_POST['wplc_pro_sst2']); }
4005
- if (isset($_POST['wplc_pro_tst1'])) { $wplc_data['wplc_pro_tst1'] = esc_attr($_POST['wplc_pro_tst1']); }
4006
- if (isset($_POST['wplc_pro_intro'])) { $wplc_data['wplc_pro_intro'] = esc_attr($_POST['wplc_pro_intro']); }
4007
- if (isset($_POST['wplc_user_enter'])) { $wplc_data['wplc_user_enter'] = esc_attr($_POST['wplc_user_enter']); }
4008
- if (isset($_POST['wplc_text_chat_ended'])) { $wplc_data['wplc_text_chat_ended'] = esc_attr($_POST['wplc_text_chat_ended']); }
4009
- if (isset($_POST['wplc_close_btn_text'])) { $wplc_data['wplc_close_btn_text'] = esc_attr($_POST['wplc_close_btn_text']); }
4010
- if (isset($_POST['wplc_user_welcome_chat'])) { $wplc_data['wplc_user_welcome_chat'] = esc_attr($_POST['wplc_user_welcome_chat']); }
4011
- if (isset($_POST['wplc_welcome_msg'])) { $wplc_data['wplc_welcome_msg'] = esc_attr($_POST['wplc_welcome_msg']); }
4012
- if (isset($_POST['wplc_typing_enabled']) && $_POST['wplc_typing_enabled'] == "1") { $wplc_data['wplc_typing_enabled'] = esc_attr($_POST['wplc_typing_enabled']); } else { $wplc_data['wplc_typing_enabled'] = "0"; }
4013
- if (isset($_POST['wplc_ux_editor'])) { $wplc_data['wplc_ux_editor'] = esc_attr($_POST['wplc_ux_editor']); } else { $wplc_data['wplc_ux_editor'] = "0"; }
4014
- if (isset($_POST['wplc_ux_file_share'])) { $wplc_data['wplc_ux_file_share'] = esc_attr($_POST['wplc_ux_file_share']); } else { $wplc_data['wplc_ux_file_share'] = "0"; }
4015
- if (isset($_POST['wplc_ux_exp_rating'])) { $wplc_data['wplc_ux_exp_rating'] = esc_attr($_POST['wplc_ux_exp_rating']); } else { $wplc_data['wplc_ux_exp_rating'] = "0"; }
4016
- if (isset($_POST['wplc_disable_initiate_chat']) && $_POST['wplc_disable_initiate_chat'] == "1") { $wplc_data['wplc_disable_initiate_chat'] = esc_attr($_POST['wplc_disable_initiate_chat']); } else { $wplc_data['wplc_disable_initiate_chat'] = "0"; }
4017
- if (isset($_POST['wplc_pro_name'])) { $wplc_acbc_data['wplc_chat_name'] = esc_attr($_POST['wplc_pro_name']); }
4018
- if (isset($_POST['wplc_use_wp_name'])) { $wplc_acbc_data['wplc_use_wp_name'] = esc_attr($_POST['wplc_use_wp_name']); } else { $wplc_acbc_data['wplc_use_wp_name'] = "0"; }
4019
- if (isset($_POST['wplc_upload_pic'])) { $wplc_acbc_data['wplc_chat_pic'] = esc_attr(urlencode(base64_decode($_POST['wplc_upload_pic']))); }
4020
- if (isset($_POST['wplc_upload_logo'])) { $wplc_acbc_data['wplc_chat_logo'] = esc_attr(urlencode(base64_decode($_POST['wplc_upload_logo']))); }
4021
- if (isset($_POST['wplc_upload_icon'])) { $wplc_acbc_data['wplc_chat_icon'] = esc_attr(urlencode(base64_decode($_POST['wplc_upload_icon']))); }
4022
- if (isset($_POST['wplc_pro_delay'])) { $wplc_acbc_data['wplc_chat_delay'] = esc_attr($_POST['wplc_pro_delay']); }
4023
- if (isset($_POST['wplc_pro_chat_notification'])) { $wplc_acbc_data['wplc_pro_chat_notification'] = esc_attr($_POST['wplc_pro_chat_notification']); }
4024
- if (isset($_POST['wplc_pro_chat_email_address'])) { $wplc_acbc_data['wplc_pro_chat_email_address'] = esc_attr($_POST['wplc_pro_chat_email_address']); }
4025
- if (isset($_POST['wplc_social_fb'])) { $wplc_acbc_data['wplc_social_fb'] = str_replace("https:", "", urlencode($_POST['wplc_social_fb']) ); }
4026
- if (isset($_POST['wplc_social_tw'])) { $wplc_acbc_data['wplc_social_tw'] = str_replace("https:", "", urlencode($_POST['wplc_social_tw']) ); }
4027
- if (isset($_POST['wplc_ringtone'])) { $wplc_data['wplc_ringtone'] = str_replace("https:", "", esc_attr($_POST['wplc_ringtone']) ); }
4028
- if (isset($_POST['wplc_messagetone'])) { $wplc_data['wplc_messagetone'] = str_replace("https:", "", esc_attr($_POST['wplc_messagetone']) ); }
4029
- if(isset($_POST['wplc_animation'])){ $wplc_data['wplc_animation'] = esc_attr($_POST['wplc_animation']); }
4030
- if(isset($_POST['wplc_theme'])){ $wplc_data['wplc_theme'] = esc_attr($_POST['wplc_theme']); }
4031
- if(isset($_POST['wplc_newtheme'])){ $wplc_data['wplc_newtheme'] = esc_attr($_POST['wplc_newtheme']); }
4032
- if(isset($_POST['wplc_elem_trigger_action'])){ $wplc_data['wplc_elem_trigger_action'] = esc_attr($_POST['wplc_elem_trigger_action']); } else{ $wplc_data['wplc_elem_trigger_action'] = "0"; }
4033
- if(isset($_POST['wplc_elem_trigger_type'])){ $wplc_data['wplc_elem_trigger_type'] = esc_attr($_POST['wplc_elem_trigger_type']); } else { $wplc_data['wplc_elem_trigger_type'] = "0";}
4034
- if(isset($_POST['wplc_elem_trigger_id'])){ $wplc_data['wplc_elem_trigger_id'] = esc_attr($_POST['wplc_elem_trigger_id']); } else { $wplc_data['wplc_elem_trigger_id'] = ""; }
4035
 
4036
  if (isset($_POST['wplc_node_disable_typing_preview'])) {
4037
- $wplc_data['wplc_node_disable_typing_preview'] = esc_attr($_POST['wplc_node_disable_typing_preview']);
4038
  } else {
4039
  $wplc_data['wplc_node_disable_typing_preview'] = '0';
4040
  }
@@ -4080,10 +4118,10 @@ function wplc_head() {
4080
  if( isset( $_POST['wplc_show_avatar'] ) ){ $wplc_data['wplc_show_avatar'] = '1'; } else { $wplc_data['wplc_show_avatar'] = '0'; }
4081
  $wplc_data = apply_filters("wplc_settings_save_filter_hook", $wplc_data);
4082
 
4083
- if (isset($_POST['wplc_user_no_answer'])) { $wplc_data["wplc_user_no_answer"] = esc_attr($_POST['wplc_user_no_answer']); } else { $wplc_data["wplc_user_no_answer"] = __("There is No Answer. Please Try Again Later.", "wplivechat"); }
4084
 
4085
  if(isset($_POST['wplc_pro_auto_first_response_chat_msg'])){
4086
- $wplc_data['wplc_pro_auto_first_response_chat_msg'] = esc_attr($_POST['wplc_pro_auto_first_response_chat_msg']);
4087
  } else {
4088
  $wplc_data['wplc_pro_auto_first_response_chat_msg'] = "";
4089
  }
@@ -4107,17 +4145,10 @@ function wplc_head() {
4107
 
4108
 
4109
  $wplc_advanced_settings = array();
4110
- if (isset($_POST['wplc_iterations'])) { $wplc_advanced_settings['wplc_iterations'] = esc_attr($_POST['wplc_iterations']); }
4111
- if (isset($_POST['wplc_delay_between_loops'])) { $wplc_advanced_settings['wplc_delay_between_loops'] = esc_attr($_POST['wplc_delay_between_loops']); }
4112
  update_option("wplc_advanced_settings",$wplc_advanced_settings);
4113
 
4114
- update_option('wplc_mail_type', $_POST['wplc_mail_type']);
4115
- update_option('wplc_mail_host', $_POST['wplc_mail_host']);
4116
- update_option('wplc_mail_port', $_POST['wplc_mail_port']);
4117
- update_option('wplc_mail_username', $_POST['wplc_mail_username']);
4118
- update_option('wplc_mail_password', $_POST['wplc_mail_password']);
4119
-
4120
-
4121
  add_action( 'admin_notices', 'wplc_save_settings_action' );
4122
  }
4123
 
@@ -4410,52 +4441,6 @@ function wplc_get_chat_messages($cid, $only_read_messages = false, $wplc_setting
4410
  }
4411
  }
4412
 
4413
- /**
4414
- * Validates extension API keys
4415
- * @param string $page_content Current page contents in the extensions page
4416
- * @param array $data Extension data such as name and slug
4417
- * @return string Updated extensions page contents
4418
- */
4419
- function wplc_build_api_check($page_content, $data) {
4420
- $page_content .= '<div class="wplc-extension" style="height:220px;">';
4421
- $page_content .= '<p>'.__('API Key','wplivechat').'<br />';
4422
- $page_content .= " <form name='".$data['form_name']."' action='' method='POST'>";
4423
- $page_content .= " <input type='text' name='".$data['option_name']."' id='".$data['option_name']."' value='".get_option($data['option_name'])."' style='width: 250px;'/>";
4424
- $page_content .= " <input type='submit' name='".$data['button']."' id='".$data['button']."' value='".__("Verify","wplivechat")."' />";
4425
- $page_content .= " </form>";
4426
- $page_content .= '</p>';
4427
- $page_content .= '<p>'.__('Status: ','wplivechat');
4428
- if (isset($data['data']['status']) && $data['data']['status'] == "OK") {
4429
- update_option($data['is_valid'], 1);
4430
- $page_content .= "<span style='color: white; font-weight: bold; background-color: green; border-radius: 5px; padding: 3px;'>". __('Valid', 'wplivechat') . '</span>';
4431
- $page_content .= '<a href="https://wp-livechat.com/my-account/" title="'.__('Manage this API Key','wplivechat').'" class="button-secondary" target="_BLANK">'.__('Manage this API Key','wplivechat').'</a>';
4432
- } else {
4433
- update_option($data['is_valid'], 0);
4434
- $page_content .= "<span style='color: white; font-weight: bold; background-color: red; border-radius: 5px; padding: 3px;'>" . __('Invalid', 'wplivechat') . '</span>';
4435
- $page_content .= '<a href="https://wp-livechat.com/my-account/" title="'.__('Manage this API Key','wplivechat').'" class="button-secondary" target="_BLANK">'.__('Manage this API Key','wplivechat').'</a>';
4436
- }
4437
- $page_content .= '</p>';
4438
- $page_content .= '<div style="dispaly:block; width:100%; height:100px; overflow:auto;">';
4439
- if (isset($data['data']['domains']) && !empty($data['data']['domains'])) {
4440
- $page_content .= '<span><strong>'.__("Linked Domains","wplivechat").'</strong></span><ol>';
4441
- foreach ($data['data']['domains'] as $domain) {
4442
- $page_content .= '<li>'.$domain.'</li>';
4443
- }
4444
- $page_content .= '</ol>';
4445
- } else {
4446
- $page_content .= ' <span>'.$data['data']['message'].'</span>';
4447
-
4448
- }
4449
- $page_content .= '</div>';
4450
-
4451
- $page_content .= '</div>';
4452
-
4453
-
4454
-
4455
-
4456
- return $page_content;
4457
- }
4458
-
4459
  add_action('admin_init', 'wplc_admin_download_chat_history');
4460
  /**
4461
  * Downloads the chat history and adds it to a CSV file
@@ -4548,14 +4533,15 @@ function wplc_admin_download_history($type, $cid){
4548
  global $wpdb;
4549
  global $wplc_tblname_msgs;
4550
 
4551
- $results = $wpdb->get_results(
4552
  "
4553
  SELECT *
4554
  FROM $wplc_tblname_msgs
4555
- WHERE `chat_sess_id` = '$cid'
4556
  ORDER BY `timestamp` ASC
4557
  LIMIT 0, 100
4558
  "
 
4559
  );
4560
 
4561
  $fields[] = array(
@@ -4812,7 +4798,7 @@ function wplc_powered_by_link_in_chat( $string ){
4812
 
4813
  if( $show_powered_by == 1){
4814
 
4815
- $ret = "<i style='text-align: center; display: block; padding: 5px 0; font-size: 10px;'><a href='https://wp-livechat.com/?utm_source=poweredby&utm_medium=click&utm_campaign=".esc_html(site_url())."'' target='_BLANK' rel='nofollow'>".__("Powered by WP Live Chat Support", "wplivechat")."</a></i>";
4816
 
4817
  } else {
4818
 
@@ -4879,12 +4865,12 @@ function wplc_custom_scripts_content(){
4879
 
4880
  $content .= "<tr>";
4881
  $content .= "<td width='300'>".__("Custom CSS", "wplivechat")."</td>";
4882
- $content .= "<td><div id='wplc_custom_css_editor'></div><textarea name='wplc_custom_css' id='wplc_custom_css' style='display: none;' data-editor='css' rows='12'>".strip_tags( stripslashes( $wplc_custom_css ) )."</textarea></td>";
4883
  $content .= "</tr>";
4884
 
4885
  $content .= "<tr>";
4886
  $content .= "<td width='300'>".__("Custom JS", "wplivechat")."</td>";
4887
- $content .= "<td valign='middle'><div id='wplc_custom_js_editor'></div><textarea name='wplc_custom_js' id='wplc_custom_js' style='display: none;' data-editor='javascript' rows='12'>".strip_tags( stripslashes( $wplc_custom_js ) )."</textarea></td>";
4888
  $content .= "</tr>";
4889
 
4890
  $content .= "</table>";
@@ -4906,11 +4892,11 @@ function wplc_custom_scripts_save(){
4906
  if( isset( $_POST['wplc_save_settings'] ) ){
4907
  if (current_user_can('manage_options')) {
4908
  if( isset( $_POST['wplc_custom_css'] ) ){
4909
- update_option( "WPLC_CUSTOM_CSS", nl2br( $_POST['wplc_custom_css'] ) );
4910
  }
4911
 
4912
  if( isset( $_POST['wplc_custom_js'] ) ){
4913
- update_option( "WPLC_CUSTOM_JS", nl2br( $_POST['wplc_custom_js'] ) );
4914
  }
4915
  }else {
4916
  wp_die(__("You do not have permission do perform this action", "wplivechat"));
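Review bot: Between the `isset( $_POST['wplc_save_settings'] )` test and the two option writes, the only gate in this hunk is `current_user_can('manage_options')`; no nonce is verified, so a forged cross-site request sent from a logged-in administrator's browser would pass the check on a handler that stores site-wide custom CSS and JS. Unless a nonce is already verified above this hunk (wplc_custom_scripts_save starts before it), I would add one directly after the capability test, e.g. `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER', 'NONCE_FIELD_PLACEHOLDER' );`, using the action and field name the settings form actually emits. The replacement lines for the two `update_option` calls are not in view here, so this concerns the unchanged lines only. Separately, the `wp_die` message reads "permission do perform" and should say "permission to perform".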
@@ -4932,14 +4918,14 @@ function wplc_custom_scripts_frontend(){
4932
  if( $wplc_custom_css ){
4933
  echo "<!-- WPLC Custom CSS -->";
4934
  echo "<style>";
4935
- echo strip_tags( stripslashes( $wplc_custom_css ) );
4936
  echo "</style>";
4937
  }
4938
 
4939
  if( $wplc_custom_js ){
4940
  echo "<!-- WPLC Custom JS -->";
4941
  echo "<script>";
4942
- echo strip_tags( stripslashes( $wplc_custom_js ) );
4943
  echo "</script>";
4944
  }
4945
 
@@ -5074,10 +5060,10 @@ function wplc_browser_notifications_admin_warning() {
5074
 
5075
  ?>
5076
  <div class="notice notice-warning is-dismissible">
5077
- <p><img src="<?php echo esc_attr( plugins_url( 'images/wplc-logo.png', __FILE__ ) ); ?>" style="width:260px;height:auto;max-width:100%;"></p>
5078
- <p><strong><?php esc_html_e( 'Browser notifications will no longer function on insecure (non-SSL) sites.', 'wplivechat' ); ?></strong></p>
5079
- <p><?php esc_html_e( 'Please add an SSL certificate to your site to continue receiving chat notifications in your browser.', 'wplivechat' ); ?></p>
5080
- <p><a href="?page=<?php echo esc_attr( $_GET['page'] ); ?>&wplc_dismiss_notice_bn=true" id="wplc_dismiss_notice_bn" class="button"><?php esc_html_e( "Don't Show This Again", 'wplivechat' ); ?></a></p>
5081
  </div>
5082
  <?php
5083
 
3
  Plugin Name: WP Live Chat Support
4
  Plugin URI: http://www.wp-livechat.com
5
  Description: The easiest to use website live chat plugin. Let your visitors chat with you and increase sales conversion rates with WP Live Chat Support.
6
+ Version: 8.0.31
7
  Author: WP-LiveChat
8
  Author URI: http://www.wp-livechat.com
9
  Text Domain: wplivechat
11
  */
12
 
13
  /*
14
+ * 8.0.31 - 2019-05-30 - High priority
15
+ * Additional sanitization and security cleanup
16
+ * Added upgrade check to clear custom JS prior to version 8.0.31
17
+ * Updated readme to document use of external services
18
+ * Fixed a bug in departments transfer where name is not defined
19
+ * Fixed issue with GUID not being generated after re-activation
20
+ * Fixed issue with escape loop in settings area
21
+ * Removed setting to disable remote servers
22
+ * Removed local encryption functionality, every chat message is using HTTPS secure connection
23
+ * Removed AES and CryptoHelpers as these are no longer used
24
+ * Removed manual inclusion of SMTP and PHPMailer
25
+ * Removed mail type setting, along with SMTP options
26
+ *
27
  * 8.0.30 - 2019-05-20 - High priority
28
  * Security revision, code updated with latest security best practices
29
  * Removed all external dependencies
41
  * Changed position/style of Online/Offline toggle
42
  * Changed loading of wplc_node.js file on the frontend to use wp_enqueue_script
43
  * Deprecated 'wplc_submit_find_us' handler as this is no longer in use
44
+ * Removed any reference to old deprecated Pro version
45
+ * Replaced all CURL requests with WordPress HTTP API requests
46
+ * Removed hardocded media.tenor image reference (loading graphic in GIF integration)
47
+ * Replaced all 'esc_' calls with respective WordPress sanitization calls
48
+ * Added sanitization to all $_GET and $_POST variable to prevent any injection or storage of unsafe values
49
+ * Deprecated 'wplc_api_call_to_server_visitor' REST endpoint as it was not in use and made use of session data
50
+ * Removed AJAX use of 'ob_start' to improve performance
51
+ * Added checks to prevent direct file access.
52
  *
53
  * 8.0.29 - 2019-05-17 - High priority
54
  * Security fix in Custom JS configuration
188
  * Fixed a bug that caused a fatal error on PHP 5.3 and below
189
  */
190
 
191
+ if ( ! defined( 'ABSPATH' ) ) {
192
+ exit;
193
+ }
194
+
195
  global $wplc_p_version;
196
  global $wplc_tblname;
197
  global $wpdb;
256
  require_once (plugin_dir_path(__FILE__) . "includes/surveys.php");
257
  require_once (plugin_dir_path(__FILE__) . "includes/notification_control.php");
258
  require_once (plugin_dir_path(__FILE__) . "includes/modal_control.php");
 
259
  require_once (plugin_dir_path(__FILE__) . "includes/wplc_data_triggers.php");
260
  require_once (plugin_dir_path(__FILE__) . "includes/wplc_roi.php");
261
  require_once (plugin_dir_path(__FILE__) . "includes/wplc_departments.php");
280
  require_once (plugin_dir_path(__FILE__) . "modules/cta_animations.php");
281
  require_once (plugin_dir_path(__FILE__) . "modules/advanced_tools.php");
282
 
 
 
 
283
  // Gutenberg Blocks
284
  require_once (plugin_dir_path(__FILE__) . "includes/blocks/wplc-chat-box/index.php");
285
  require_once (plugin_dir_path(__FILE__) . "includes/blocks/wplc-inline-chat-box/index.php");
288
  require_once (plugin_dir_path(__FILE__) . "includes/shortcodes.php");
289
 
290
  add_action('admin_init', 'detect_old_pro_plugin');
291
+ add_action("wp_login",'wplc_check_guid');
292
  add_action('init', 'wplc_version_control');
293
  add_action('init', 'wplc_init');
294
  add_action('init', 'wplc_mrg_create_macro_post_type',100);
402
 
403
  }
404
 
405
+ /**
406
+ * Added for security cleanup prior to version 8.0.31
407
+ */
408
+ if( isset( $current_version )){
409
+ if(intval(str_replace('.', '', $current_version)) < 8031){
410
+ // Remove all custom JS if previous version was less than 8.0.31
411
+ update_option( "WPLC_CUSTOM_JS", '//Cleared to prevent exploits prior to 8.0.31');
412
+ }
413
+ }
414
+
415
 
416
  $admins = get_role('administrator');
417
  if( $admins !== null ) {
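Review bot: The guard `intval(str_replace('.', '', $current_version)) < 8031` orders versions by deleting the dots, which breaks as soon as a component changes its digit count: a stored `8.1.0` becomes 810 and still passes the test. Assuming `$current_version` holds the previously installed version (it is assigned outside this hunk), the custom JS option would be overwritten again on later upgrades. `if ( version_compare( $current_version, '8.0.31', '<' ) ) {` expresses the intended ordering. The enclosing function starts and ends outside the hunk.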
538
  delete_transient('wplc_is_admin_logged_in');
539
  }
540
 
541
+ function wplc_check_guid() {
542
+ $guid=get_option('WPLC_GUID');
543
+ $guid_fqdn=get_option('WPLC_GUID_URL');
544
+ if (empty($guid) || $guid_fqdn!=get_option('siteurl')) { // guid not assigned or fqdn is changed since last assignment
545
+ $data_array = array(
546
+ 'method' => 'POST',
547
+ 'body' => array(
548
+ 'method' => 'get_guid',
549
+ 'url' => get_option('siteurl'),
550
+ )
551
+ );
552
+ $response = wp_remote_post(WPLC_ACTIVATION_SERVER.'/api/v1', $data_array);
553
+ if (is_array($response)) {
554
+ if ( $response['response']['code'] == "200" ) {
555
+ $data = json_decode($response['body'],true);
556
+ if ($data && isset($data['guid'])){
557
+ update_option('WPLC_GUID', sanitize_text_field($data["guid"]));
558
+ update_option('WPLC_GUID_URL', get_option('siteurl'));
559
+ }
560
+ }
561
+ }
562
+ }
563
+ }
564
+
565
  function wplc_action_callback() {
566
  global $wpdb;
567
  $check = check_ajax_referer('wplc', 'security');
581
  }
582
  } else if ($_POST['action'] == "wplc_user_send_offline_message") {
583
  $cid=intval($_POST['cid']);
584
+ $name=sanitize_text_field($_POST['name']);
585
+ $email=sanitize_text_field($_POST['email']);
586
+ $msg=sanitize_text_field($_POST['msg']);
587
+ if (function_exists('wplc_send_offline_msg')){ wplc_send_offline_msg($name, $email, $msg, $cid); }
588
+ if (function_exists('wplc_store_offline_message')){ wplc_store_offline_message($name, $email, $msg); }
589
  do_action("wplc_hook_offline_message",array(
590
  "cid"=>$cid,
591
+ "name"=>$name,
592
+ "email"=>$email,
593
  "url"=>get_site_url(),
594
+ "msg"=>$msg
595
  ));
596
  } else if ($_POST['action'] == "wplc_admin_set_transient") {
597
  do_action("wplc_hook_set_transient");
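Review bot: `sanitize_text_field()` is applied to all three visitor fields in the `wplc_user_send_offline_message` branch, which suits `name` but not the other two. It collapses line breaks in `msg`, while the admin list later wraps the message in `nl2br()`, which then appears to have nothing to convert. It also does not check that `email` is an address. `$email = sanitize_email( wp_unslash( $_POST['email'] ) );` with an `is_email()` rejection, and `$msg = sanitize_textarea_field( wp_unslash( $_POST['msg'] ) );`, would match the field types. wplc_action_callback starts and continues outside this hunk.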
644
  update_option("WPLC_CHOOSE_FIRST_RUN",true);
645
  }
646
 
 
 
 
 
 
 
647
  if (!get_option("WPLC_INEX_FIRST_RUN")) {
648
  $wplc_inex_data['wplc_exclude_from_pages'] = "";
649
  $wplc_inex_data['wplc_include_on_pages'] = "";
759
  add_action("wplc_hook_menu","wplc_hook_control_menu");
760
  function wplc_hook_control_menu() {
761
  $check = apply_filters("wplc_filter_menu_api",0);
 
 
 
762
  }
763
 
764
  /**
775
  }
776
 
777
 
 
 
 
 
 
 
 
 
 
 
 
 
778
  add_action("wp_head","wplc_load_user_js",0);
779
 
780
 
882
 
883
  //For node verification
884
 
885
+ wp_localize_script('wplc-server-script', 'wplc_guid', get_option('WPLC_GUID', ''));
886
 
887
 
888
  //Emoji Libs
1015
  'valid_name' => __( "Please enter your name", "wplivechat" ),
1016
  'valid_email' => __( "Please enter your email address", "wplivechat" ),
1017
  'server_connection_lost' => __("Connection to server lost. Please reload this page. Error: ", "wplivechat"),
1018
+ 'chat_ended_by_operator' => ( empty( $wplc_settings['wplc_text_chat_ended'] ) ) ? __("The chat has been ended by the operator.", "wplivechat") : sanitize_text_field( $wplc_settings['wplc_text_chat_ended'] ) ,
1019
  'empty_message' => __( "Please enter a message", "wplivechat" ),
1020
  'disconnected_message' => __("Disconnected, attempting to reconnect...", "wplivechat"),
1021
  );
1167
  if($wplc_theme == 'theme-6') {
1168
  /* custom */
1169
 
1170
+ if (isset($wplc_settings["wplc_settings_color1"])) { $wplc_settings_color1 = sanitize_text_field($wplc_settings["wplc_settings_color1"]); } else { $wplc_settings_color1 = "ED832F"; }
1171
+ if (isset($wplc_settings["wplc_settings_color2"])) { $wplc_settings_color2 = sanitize_text_field($wplc_settings["wplc_settings_color2"]); } else { $wplc_settings_color2 = "FFFFFF"; }
1172
+ if (isset($wplc_settings["wplc_settings_color3"])) { $wplc_settings_color3 = sanitize_text_field($wplc_settings["wplc_settings_color3"]); } else { $wplc_settings_color3 = "EEEEEE"; }
1173
+ if (isset($wplc_settings["wplc_settings_color4"])) { $wplc_settings_color4 = sanitize_text_field($wplc_settings["wplc_settings_color4"]); } else { $wplc_settings_color4 = "666666"; }
1174
 
1175
 
1176
  ?>
2687
 
2688
  if (!$result->continue) { return; }
2689
 
2690
+ echo"<div class='admin_chat_box'><div class='admin_chat_box_inner' id='admin_chat_box_area_" . intval($result->id) . "'>".apply_filters( "wplc_chat_box_draw_chat_box_inner", "", $cid)."</div><div class='admin_chat_box_inner_bottom'>" . wplc_return_chat_response_box($cid, $result) . "</div>";
2691
 
2692
 
2693
  echo "</div>";
2980
 
2981
 
2982
  function wplc_activate() {
2983
+ wplc_check_guid();
2984
  wplc_handle_db();
2985
+
2986
  if (!get_option("WPLC_SETTINGS")) {
2987
  $wplc_alt_text = __("Please click \'Start Chat\' to initiate a chat with an agent", "wplivechat");
2988
  $wplc_default_visitor_name = __( "Guest", "wplivechat" );
3264
 
3265
 
3266
  if ( isset( $wplc_settings['wplc_settings_bg'] ) ) {
3267
+ if ( $wplc_settings['wplc_settings_bg'] == "0" ) { $bg = false; } else { $bg = sanitize_text_field( $wplc_settings['wplc_settings_bg'] ); }
3268
  } else { $bg = "cloudy.jpg"; }
3269
  if ($bg) {
3270
  $bg = plugins_url('images/bg/'.$bg, __FILE__);
3383
  * @return void
3384
  */
3385
  function wplc_online_check_script() {
3386
+ if (sanitize_text_field( get_the_author_meta( 'wplc_ma_agent', get_current_user_id() ) ) == "1"){
3387
  $ajax_nonce = wp_create_nonce("wplc");
3388
  wp_register_script( 'wplc-heartbeat', plugins_url( 'js/wplc_heartbeat.js', __FILE__ ), array( 'jquery' ), WPLC_PLUGIN_VERSION, true );
3389
  wp_enqueue_script( 'wplc-heartbeat' );
3402
  add_filter( 'heartbeat_nopriv_received', 'wplc_heartbeat_receive', 10, 2 );
3403
  function wplc_heartbeat_receive( $response, $data ) {
3404
  if ( array_key_exists('client',$data) && $data['client'] == 'wplc_heartbeat' ) {
3405
+ if (sanitize_text_field( get_the_author_meta( 'wplc_ma_agent', get_current_user_id() ) ) == "1"){
3406
  update_user_meta(get_current_user_id(), "wplc_chat_agent_online", time());
3407
  wplc_hook_control_set_transient();
3408
  }
3836
  echo "<tr><td></td><td>" . __("You have not received any offline messages.", "wplivechat") . "</td></tr>";
3837
  } else {
3838
  foreach ($results as $result) {
3839
+ echo "<tr id=\"record_" . intval($result->id) . "\">";
3840
+ echo "<td class='chat_id column-chat_d'>" . sanitize_text_field($result->timestamp) . "</td>";
3841
+ echo "<td class='chat_name column_chat_name' id='chat_name_" . intval($result->id) . "'><img src=\"//www.gravatar.com/avatar/" . md5($result->email) . "?s=30&d=mm\" /> " . sanitize_text_field($result->name) . "</td>";
3842
+ echo "<td class='chat_email column_chat_email' id='chat_email_" . intval($result->id) . "'><a href='mailto:" . sanitize_email($result->email) . "' title='Email " . ".$result->email." . "'>" . sanitize_email($result->email) . "</a></td>";
3843
+ echo "<td class='chat_name column_chat_url' id='chat_url_" . intval($result->id) . "'>" . nl2br(sanitize_text_field($result->message)) . "</td>";
3844
+ echo "<td class='chat_name column_chat_delete'><button class='button wplc_delete_message' title='".__('Delete Message', 'wplivechat')."' class='wplc_delete_message' mid='".intval($result->id)."'><i class='fa fa-times'></i></button></td>";
3845
  echo "</tr>";
3846
  }
3847
  }
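Review bot: The `title` attribute of the e-mail link prints `$result->email` with no escaping (`title='Email " . ".$result->email." . "'`), and the adjacent `href='mailto:…'` relies on `sanitize_email()`, which keeps the apostrophe, inside a single-quoted attribute. Offline-message fields are visitor-supplied and are stored after `sanitize_text_field()` only, so a value containing `'` can close the attribute when an administrator opens this list. Sanitizers belong on input; at output each value needs the escaper for its context, e.g. `title='Email " . esc_attr( $result->email ) . "'` and `esc_html()` for the name, timestamp and message cells. The same substitution of sanitizers for escapers recurs in the later changes to this file: the notice markup uses `sanitize_text_field( $_GET['page'] )` inside an `href` where `esc_attr()` stood before, and the powered-by link concatenates `wp_filter_post_kses( site_url() )` into a URL.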
3965
  do_action("wplc_hook_admin_settings_save");
3966
 
3967
  $wplc_choose_data = get_option("WPLC_CHOOSE_SETTINGS");
3968
+ if(isset($_POST['wplc_auto_online'])){ $wplc_choose_data['wplc_auto_online'] = sanitize_text_field($_POST['wplc_auto_online']);} else { $wplc_choose_data['wplc_auto_online'] = 0; }
3969
 
 
3970
 
3971
+ if (isset($_POST['wplc_include_on_pages'])) { $wplc_inex_data['wplc_include_on_pages'] = sanitize_text_field($_POST['wplc_include_on_pages']); }
3972
+ if (isset($_POST['wplc_exclude_from_pages'])) { $wplc_inex_data['wplc_exclude_from_pages'] = sanitize_text_field($_POST['wplc_exclude_from_pages']); }
3973
+ if (isset($_POST['wplc_exclude_post_types']) && ! empty($_POST['wplc_exclude_post_types'])) {foreach ( $_POST['wplc_exclude_post_types'] as $post_type ) { $wplc_inex_data['wplc_exclude_post_types'][] = sanitize_text_field($post_type); } }
3974
+ if (isset($_POST['wplc_exclude_home'])) { $wplc_inex_data['wplc_exclude_home'] = sanitize_text_field($_POST['wplc_exclude_home']); }
3975
+ if (isset($_POST['wplc_exclude_archive'])) { $wplc_inex_data['wplc_exclude_archive'] = sanitize_text_field($_POST['wplc_exclude_archive']); }
3976
 
3977
+ if (isset($_POST['wplc_make_agent'])) { $wplc_inex_data['wplc_make_agent'] = sanitize_text_field($_POST['wplc_make_agent']); }
3978
 
3979
+ if (isset($_POST['wplc_quick_response_orderby'])) { $wplc_data['wplc_quick_response_orderby'] = sanitize_text_field($_POST['wplc_quick_response_orderby']); }
3980
+ if (isset($_POST['wplc_quick_response_order'])) { $wplc_data['wplc_quick_response_order'] = sanitize_text_field($_POST['wplc_quick_response_order']); }
3981
 
3982
+ if ( isset( $_POST['wplc_enable_transcripts'] ) ) { $wplc_et_data['wplc_enable_transcripts'] = sanitize_text_field( $_POST['wplc_enable_transcripts'] );} else {$wplc_et_data['wplc_enable_transcripts'] = 0;}
3983
+ if ( isset( $_POST['wplc_send_transcripts_to'] ) ) {$wplc_et_data['wplc_send_transcripts_to'] = sanitize_text_field( $_POST['wplc_send_transcripts_to'] ); } else {$wplc_et_data['wplc_send_transcripts_to'] = 'user'; }
3984
+ if ( isset( $_POST['wplc_send_transcripts_when_chat_ends'] ) ) {$wplc_et_data['wplc_send_transcripts_when_chat_ends'] = sanitize_text_field( $_POST['wplc_send_transcripts_when_chat_ends'] ); } else {$wplc_et_data['wplc_send_transcripts_when_chat_ends'] = 0;}
3985
 
3986
+ if ( isset( $_POST['wplc_et_email_header'] ) ) {$wplc_et_data['wplc_et_email_header'] = sanitize_text_field( $_POST['wplc_et_email_header'] ); }
3987
+ if ( isset( $_POST['wplc_et_email_footer'] ) ) {$wplc_et_data['wplc_et_email_footer'] = sanitize_text_field( $_POST['wplc_et_email_footer'] ); }
3988
+ if ( isset( $_POST['wplc_et_email_body'] ) ) {$wplc_et_data['wplc_et_email_body'] = wp_filter_post_kses( $_POST['wplc_et_email_body'] );}
3989
 
3990
+ if ( isset( $_POST['wplc_enable_voice_notes_on_admin'] ) ) {$wplc_data['wplc_enable_voice_notes_on_admin'] = sanitize_text_field( $_POST['wplc_enable_voice_notes_on_admin'] );
3991
  } else {$wplc_data['wplc_enable_voice_notes_on_admin'] = "0";}
3992
+ if ( isset( $_POST['wplc_enable_voice_notes_on_visitor'] ) ) { $wplc_data['wplc_enable_voice_notes_on_visitor'] = sanitize_text_field( $_POST['wplc_enable_voice_notes_on_visitor'] );} else { $wplc_data['wplc_enable_voice_notes_on_visitor'] = "0";}
3993
 
3994
+ if (isset($_POST['wplc_settings_align'])) { $wplc_data['wplc_settings_align'] = sanitize_text_field($_POST['wplc_settings_align']); }
3995
+ if (isset($_POST['wplc_settings_bg'])) { $wplc_data['wplc_settings_bg'] = sanitize_text_field($_POST['wplc_settings_bg']); }
3996
+ if (isset($_POST['wplc_environment'])) { $wplc_data['wplc_environment'] = sanitize_text_field($_POST['wplc_environment']); }
3997
+ if (isset($_POST['wplc_settings_fill'])) { $wplc_data['wplc_settings_fill'] = sanitize_text_field($_POST['wplc_settings_fill']); }
3998
+ if (isset($_POST['wplc_settings_font'])) { $wplc_data['wplc_settings_font'] = sanitize_text_field($_POST['wplc_settings_font']); }
3999
+ if (isset($_POST['wplc_settings_color1'])) { $wplc_data['wplc_settings_color1'] = sanitize_text_field($_POST['wplc_settings_color1']); /* backwards compatibility for pro */ $wplc_data['wplc_settings_fill'] = sanitize_text_field($_POST['wplc_settings_color1']); }
4000
+ if (isset($_POST['wplc_settings_color2'])) { $wplc_data['wplc_settings_color2'] = sanitize_text_field($_POST['wplc_settings_color2']); /* backwards compatibility for pro */ $wplc_data['wplc_settings_font'] = sanitize_text_field($_POST['wplc_settings_color2']); }
4001
+ if (isset($_POST['wplc_settings_color3'])) { $wplc_data['wplc_settings_color3'] = sanitize_text_field($_POST['wplc_settings_color3']); }
4002
+ if (isset($_POST['wplc_settings_color4'])) { $wplc_data['wplc_settings_color4'] = sanitize_text_field($_POST['wplc_settings_color4']); }
4003
+
4004
+ if (isset($_POST['wplc_settings_enabled'])) { $wplc_data['wplc_settings_enabled'] = sanitize_text_field($_POST['wplc_settings_enabled']); }
4005
+ if (isset($_POST['wplc_powered_by_link'])) { $wplc_data['wplc_powered_by_link'] = sanitize_text_field($_POST['wplc_powered_by_link']); }
4006
+ if (isset($_POST['wplc_auto_pop_up'])) { $wplc_data['wplc_auto_pop_up'] = sanitize_text_field($_POST['wplc_auto_pop_up']); }
4007
+ if (isset($_POST['wplc_require_user_info'])) { $wplc_data['wplc_require_user_info'] = sanitize_text_field($_POST['wplc_require_user_info']); } else { $wplc_data['wplc_require_user_info'] = "0"; }
4008
+ if (isset($_POST['wplc_user_default_visitor_name']) && $_POST['wplc_user_default_visitor_name'] != '') { $wplc_data['wplc_user_default_visitor_name'] = sanitize_text_field($_POST['wplc_user_default_visitor_name']); } else { $wplc_data['wplc_user_default_visitor_name'] = __("Guest", "wplivechat"); }
4009
+ if (isset($_POST['wplc_loggedin_user_info'])) { $wplc_data['wplc_loggedin_user_info'] = sanitize_text_field($_POST['wplc_loggedin_user_info']); } else { $wplc_data['wplc_loggedin_user_info'] = "0"; }
4010
+ if (isset($_POST['wplc_user_alternative_text']) && $_POST['wplc_user_alternative_text'] != '') { $wplc_data['wplc_user_alternative_text'] = sanitize_text_field($_POST['wplc_user_alternative_text']); } else { $wplc_data['wplc_user_alternative_text'] = __("Please click 'Start Chat' to initiate a chat with an agent", "wplivechat"); }
4011
+ if (isset($_POST['wplc_enabled_on_mobile'])) { $wplc_data['wplc_enabled_on_mobile'] = sanitize_text_field($_POST['wplc_enabled_on_mobile']); } else { $wplc_data['wplc_enabled_on_mobile'] = "0"; }
4012
+ if (isset($_POST['wplc_display_name'])) { $wplc_data['wplc_display_name'] = sanitize_text_field($_POST['wplc_display_name']); }
4013
+ if (isset($_POST['wplc_display_to_loggedin_only'])) { $wplc_data['wplc_display_to_loggedin_only'] = sanitize_text_field($_POST['wplc_display_to_loggedin_only']); }
4014
+ if (isset($_POST['wplc_redirect_to_thank_you_page'])) { $wplc_data['wplc_redirect_to_thank_you_page'] = sanitize_text_field($_POST['wplc_redirect_to_thank_you_page']); }
4015
+ if (isset($_POST['wplc_redirect_thank_you_url'])) { $wplc_data['wplc_redirect_thank_you_url'] = esc_url(str_replace("https:", "", str_replace("http:", "", $_POST['wplc_redirect_thank_you_url']) ) ); }
4016
+ if (isset($_POST['wplc_is_gif_integration_enabled'] )){ $wplc_data['wplc_is_gif_integration_enabled'] = sanitize_text_field($_POST['wplc_is_gif_integration_enabled']); }
4017
+ if (isset($_POST['wplc_preferred_gif_provider'])) { $wplc_data['wplc_preferred_gif_provider'] = sanitize_text_field($_POST['wplc_preferred_gif_provider']); }
4018
+ if (isset($_POST['wplc_giphy_api_key'])) { $wplc_data['wplc_giphy_api_key'] = sanitize_text_field($_POST['wplc_giphy_api_key']); }
4019
+ if (isset($_POST['wplc_tenor_api_key'])) { $wplc_data['wplc_tenor_api_key'] = sanitize_text_field($_POST['wplc_tenor_api_key']); }
4020
  $wplc_data['wplc_disable_emojis'] = !empty($_POST['wplc_disable_emojis']);
4021
  $wplc_data['wplc_record_ip_address'] = "0";
4022
+ if(isset($_POST['wplc_enable_msg_sound'])){ $wplc_data['wplc_enable_msg_sound'] = sanitize_text_field($_POST['wplc_enable_msg_sound']); } else { $wplc_data['wplc_enable_msg_sound'] = "0"; }
4023
+ if(isset($_POST['wplc_enable_visitor_sound'])){ $wplc_data['wplc_enable_visitor_sound'] = sanitize_text_field($_POST['wplc_enable_visitor_sound']); } else { $wplc_data['wplc_enable_visitor_sound'] = "0"; }
4024
+ if(isset($_POST['wplc_enable_font_awesome'])){ $wplc_data['wplc_enable_font_awesome'] = sanitize_text_field($_POST['wplc_enable_font_awesome']); } else { $wplc_data['wplc_enable_font_awesome'] = "0"; }
4025
+ if(isset($_POST['wplc_enable_all_admin_pages'])){ $wplc_data['wplc_enable_all_admin_pages'] = sanitize_text_field($_POST['wplc_enable_all_admin_pages']); } else { $wplc_data['wplc_enable_all_admin_pages'] = "0"; }
4026
+ if (isset($_POST['wplc_pro_na'])) { $wplc_data['wplc_pro_na'] = sanitize_text_field($_POST['wplc_pro_na']); }
4027
+ if (isset($_POST['wplc_hide_when_offline'])) { $wplc_data['wplc_hide_when_offline'] = sanitize_text_field($_POST['wplc_hide_when_offline']); }
4028
+ if (isset($_POST['wplc_pro_chat_email_address'])) { $wplc_data['wplc_pro_chat_email_address'] = sanitize_text_field($_POST['wplc_pro_chat_email_address']); }
4029
+ if (isset($_POST['wplc_pro_chat_email_offline_subject'])) { $wplc_data['wplc_pro_chat_email_offline_subject'] = sanitize_text_field($_POST['wplc_pro_chat_email_offline_subject']); }
4030
+ if (isset($_POST['wplc_pro_offline1'])) { $wplc_data['wplc_pro_offline1'] = sanitize_text_field($_POST['wplc_pro_offline1']); }
4031
+ if (isset($_POST['wplc_pro_offline2'])) { $wplc_data['wplc_pro_offline2'] = sanitize_text_field($_POST['wplc_pro_offline2']); }
4032
+ if (isset($_POST['wplc_pro_offline3'])) { $wplc_data['wplc_pro_offline3'] = sanitize_text_field($_POST['wplc_pro_offline3']); }
4033
+ if (isset($_POST['wplc_pro_offline_btn'])) { $wplc_data['wplc_pro_offline_btn'] = sanitize_text_field($_POST['wplc_pro_offline_btn']); }
4034
+ if (isset($_POST['wplc_pro_offline_btn_send'])) { $wplc_data['wplc_pro_offline_btn_send'] = sanitize_text_field($_POST['wplc_pro_offline_btn_send']); }
4035
+ if (isset($_POST['wplc_using_localization_plugin'])){ $wplc_data['wplc_using_localization_plugin'] = sanitize_text_field($_POST['wplc_using_localization_plugin']); }
4036
+ if (isset($_POST['wplc_pro_fst1'])) { $wplc_data['wplc_pro_fst1'] = sanitize_text_field($_POST['wplc_pro_fst1']); }
4037
+ if (isset($_POST['wplc_pro_fst2'])) { $wplc_data['wplc_pro_fst2'] = sanitize_text_field($_POST['wplc_pro_fst2']); }
4038
+ if (isset($_POST['wplc_pro_fst3'])) { $wplc_data['wplc_pro_fst3'] = sanitize_text_field($_POST['wplc_pro_fst3']); }
4039
+ if (isset($_POST['wplc_pro_sst1'])) { $wplc_data['wplc_pro_sst1'] = sanitize_text_field($_POST['wplc_pro_sst1']); }
4040
+ if (isset($_POST['wplc_pro_sst1_survey'])) { $wplc_data['wplc_pro_sst1_survey'] = sanitize_text_field($_POST['wplc_pro_sst1_survey']); }
4041
+ if (isset($_POST['wplc_pro_sst1e_survey'])) { $wplc_data['wplc_pro_sst1e_survey'] = sanitize_text_field($_POST['wplc_pro_sst1e_survey']); }
4042
+ if (isset($_POST['wplc_pro_sst2'])) { $wplc_data['wplc_pro_sst2'] = sanitize_text_field($_POST['wplc_pro_sst2']); }
4043
+ if (isset($_POST['wplc_pro_tst1'])) { $wplc_data['wplc_pro_tst1'] = sanitize_text_field($_POST['wplc_pro_tst1']); }
4044
+ if (isset($_POST['wplc_pro_intro'])) { $wplc_data['wplc_pro_intro'] = sanitize_text_field($_POST['wplc_pro_intro']); }
4045
+ if (isset($_POST['wplc_user_enter'])) { $wplc_data['wplc_user_enter'] = sanitize_text_field($_POST['wplc_user_enter']); }
4046
+ if (isset($_POST['wplc_text_chat_ended'])) { $wplc_data['wplc_text_chat_ended'] = sanitize_text_field($_POST['wplc_text_chat_ended']); }
4047
+ if (isset($_POST['wplc_close_btn_text'])) { $wplc_data['wplc_close_btn_text'] = sanitize_text_field($_POST['wplc_close_btn_text']); }
4048
+ if (isset($_POST['wplc_user_welcome_chat'])) { $wplc_data['wplc_user_welcome_chat'] = sanitize_text_field($_POST['wplc_user_welcome_chat']); }
4049
+ if (isset($_POST['wplc_welcome_msg'])) { $wplc_data['wplc_welcome_msg'] = sanitize_text_field($_POST['wplc_welcome_msg']); }
4050
+ if (isset($_POST['wplc_typing_enabled']) && $_POST['wplc_typing_enabled'] == "1") { $wplc_data['wplc_typing_enabled'] = sanitize_text_field($_POST['wplc_typing_enabled']); } else { $wplc_data['wplc_typing_enabled'] = "0"; }
4051
+ if (isset($_POST['wplc_ux_editor'])) { $wplc_data['wplc_ux_editor'] = sanitize_text_field($_POST['wplc_ux_editor']); } else { $wplc_data['wplc_ux_editor'] = "0"; }
4052
+ if (isset($_POST['wplc_ux_file_share'])) { $wplc_data['wplc_ux_file_share'] = sanitize_text_field($_POST['wplc_ux_file_share']); } else { $wplc_data['wplc_ux_file_share'] = "0"; }
4053
+ if (isset($_POST['wplc_ux_exp_rating'])) { $wplc_data['wplc_ux_exp_rating'] = sanitize_text_field($_POST['wplc_ux_exp_rating']); } else { $wplc_data['wplc_ux_exp_rating'] = "0"; }
4054
+ if (isset($_POST['wplc_disable_initiate_chat']) && $_POST['wplc_disable_initiate_chat'] == "1") { $wplc_data['wplc_disable_initiate_chat'] = sanitize_text_field($_POST['wplc_disable_initiate_chat']); } else { $wplc_data['wplc_disable_initiate_chat'] = "0"; }
4055
+ if (isset($_POST['wplc_pro_name'])) { $wplc_acbc_data['wplc_chat_name'] = sanitize_text_field($_POST['wplc_pro_name']); }
4056
+ if (isset($_POST['wplc_use_wp_name'])) { $wplc_acbc_data['wplc_use_wp_name'] = sanitize_text_field($_POST['wplc_use_wp_name']); } else { $wplc_acbc_data['wplc_use_wp_name'] = "0"; }
4057
+ if (isset($_POST['wplc_upload_pic'])) { $wplc_acbc_data['wplc_chat_pic'] = esc_url(base64_decode($_POST['wplc_upload_pic'])); }
4058
+ if (isset($_POST['wplc_upload_logo'])) { $wplc_acbc_data['wplc_chat_logo'] = esc_url(base64_decode($_POST['wplc_upload_logo'])); }
4059
+ if (isset($_POST['wplc_upload_icon'])) { $wplc_acbc_data['wplc_chat_icon'] = esc_url(base64_decode($_POST['wplc_upload_icon'])); }
4060
+ if (isset($_POST['wplc_pro_delay'])) { $wplc_acbc_data['wplc_chat_delay'] = sanitize_text_field($_POST['wplc_pro_delay']); }
4061
+ if (isset($_POST['wplc_pro_chat_notification'])) { $wplc_acbc_data['wplc_pro_chat_notification'] = sanitize_text_field($_POST['wplc_pro_chat_notification']); }
4062
+ if (isset($_POST['wplc_pro_chat_email_address'])) { $wplc_acbc_data['wplc_pro_chat_email_address'] = sanitize_text_field($_POST['wplc_pro_chat_email_address']); }
4063
+ if (isset($_POST['wplc_social_fb'])) { $wplc_acbc_data['wplc_social_fb'] = str_replace("https:", "", esc_url($_POST['wplc_social_fb']) ); }
4064
+ if (isset($_POST['wplc_social_tw'])) { $wplc_acbc_data['wplc_social_tw'] = str_replace("https:", "", esc_url($_POST['wplc_social_tw']) ); }
4065
+ if (isset($_POST['wplc_ringtone'])) { $wplc_data['wplc_ringtone'] = str_replace("https:", "", sanitize_text_field($_POST['wplc_ringtone']) ); }
4066
+ if (isset($_POST['wplc_messagetone'])) { $wplc_data['wplc_messagetone'] = str_replace("https:", "", sanitize_text_field($_POST['wplc_messagetone']) ); }
4067
+ if(isset($_POST['wplc_animation'])){ $wplc_data['wplc_animation'] = sanitize_text_field($_POST['wplc_animation']); }
4068
+ if(isset($_POST['wplc_theme'])){ $wplc_data['wplc_theme'] = sanitize_text_field($_POST['wplc_theme']); }
4069
+ if(isset($_POST['wplc_newtheme'])){ $wplc_data['wplc_newtheme'] = sanitize_text_field($_POST['wplc_newtheme']); }
4070
+ if(isset($_POST['wplc_elem_trigger_action'])){ $wplc_data['wplc_elem_trigger_action'] = sanitize_text_field($_POST['wplc_elem_trigger_action']); } else{ $wplc_data['wplc_elem_trigger_action'] = "0"; }
4071
+ if(isset($_POST['wplc_elem_trigger_type'])){ $wplc_data['wplc_elem_trigger_type'] = sanitize_text_field($_POST['wplc_elem_trigger_type']); } else { $wplc_data['wplc_elem_trigger_type'] = "0";}
4072
+ if(isset($_POST['wplc_elem_trigger_id'])){ $wplc_data['wplc_elem_trigger_id'] = sanitize_text_field($_POST['wplc_elem_trigger_id']); } else { $wplc_data['wplc_elem_trigger_id'] = ""; }
4073
 
4074
  if (isset($_POST['wplc_node_disable_typing_preview'])) {
4075
+ $wplc_data['wplc_node_disable_typing_preview'] = sanitize_text_field($_POST['wplc_node_disable_typing_preview']);
4076
  } else {
4077
  $wplc_data['wplc_node_disable_typing_preview'] = '0';
4078
  }
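Review bot: URL settings are stored through `esc_url()` (`wplc_redirect_thank_you_url`, `wplc_upload_pic`, `wplc_upload_logo`, `wplc_upload_icon`, `wplc_social_fb`, `wplc_social_tw`). That is the display escaper and it entity-encodes `&`, so a URL with a query string is saved in HTML-encoded form; `esc_url_raw()` is the storage counterpart. In the same block `$_POST['wplc_exclude_post_types']` is iterated without an `is_array()` check, so a scalar value raises a warning instead of being rejected. No nonce or capability check is visible in these lines; the function starts outside the hunk, so confirm that one precedes the assignments.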
4118
  if( isset( $_POST['wplc_show_avatar'] ) ){ $wplc_data['wplc_show_avatar'] = '1'; } else { $wplc_data['wplc_show_avatar'] = '0'; }
4119
  $wplc_data = apply_filters("wplc_settings_save_filter_hook", $wplc_data);
4120
 
4121
+ if (isset($_POST['wplc_user_no_answer'])) { $wplc_data["wplc_user_no_answer"] = sanitize_text_field($_POST['wplc_user_no_answer']); } else { $wplc_data["wplc_user_no_answer"] = __("There is No Answer. Please Try Again Later.", "wplivechat"); }
4122
 
4123
  if(isset($_POST['wplc_pro_auto_first_response_chat_msg'])){
4124
+ $wplc_data['wplc_pro_auto_first_response_chat_msg'] = sanitize_text_field($_POST['wplc_pro_auto_first_response_chat_msg']);
4125
  } else {
4126
  $wplc_data['wplc_pro_auto_first_response_chat_msg'] = "";
4127
  }
4145
 
4146
 
4147
  $wplc_advanced_settings = array();
4148
+ if (isset($_POST['wplc_iterations'])) { $wplc_advanced_settings['wplc_iterations'] = sanitize_text_field($_POST['wplc_iterations']); }
4149
+ if (isset($_POST['wplc_delay_between_loops'])) { $wplc_advanced_settings['wplc_delay_between_loops'] = sanitize_text_field($_POST['wplc_delay_between_loops']); }
4150
  update_option("wplc_advanced_settings",$wplc_advanced_settings);
4151
 
 
 
 
 
 
 
 
4152
  add_action( 'admin_notices', 'wplc_save_settings_action' );
4153
  }
4154
 
4441
  }
4442
  }
4443
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4444
  add_action('admin_init', 'wplc_admin_download_chat_history');
4445
  /**
4446
  * Downloads the chat history and adds it to a CSV file
4533
  global $wpdb;
4534
  global $wplc_tblname_msgs;
4535
 
4536
+ $results = $wpdb->get_results($wpdb->prepare(
4537
  "
4538
  SELECT *
4539
  FROM $wplc_tblname_msgs
4540
+ WHERE `chat_sess_id` = '%d'
4541
  ORDER BY `timestamp` ASC
4542
  LIMIT 0, 100
4543
  "
4544
+ , intval($cid))
4545
  );
4546
 
4547
  $fields[] = array(
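Review bot: The placeholder is quoted (`'%d'`), but `$wpdb->prepare()` expects placeholders unquoted, and it already casts `%d` to an integer, so the surrounding `intval()` is redundant. `WHERE chat_sess_id = %d` with `$cid` passed directly is the documented form. `$wplc_tblname_msgs` is still interpolated into the statement; that is acceptable for a global set at load time, but a short comment saying it is never derived from request data would help. The enclosing function starts outside this hunk.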
4798
 
4799
  if( $show_powered_by == 1){
4800
 
4801
+ $ret = "<i style='text-align: center; display: block; padding: 5px 0; font-size: 10px;'><a href='https://wp-livechat.com/?utm_source=poweredby&utm_medium=click&utm_campaign=".wp_filter_post_kses(site_url())."'' target='_BLANK' rel='nofollow'>".__("Powered by WP Live Chat Support", "wplivechat")."</a></i>";
4802
 
4803
  } else {
4804
 
4865
 
4866
  $content .= "<tr>";
4867
  $content .= "<td width='300'>".__("Custom CSS", "wplivechat")."</td>";
4868
+ $content .= "<td><div id='wplc_custom_css_editor'></div><textarea name='wplc_custom_css' id='wplc_custom_css' style='display: none;' data-editor='css' rows='12'>".strip_tags(stripslashes( $wplc_custom_css ))."</textarea></td>";
4869
  $content .= "</tr>";
4870
 
4871
  $content .= "<tr>";
4872
  $content .= "<td width='300'>".__("Custom JS", "wplivechat")."</td>";
4873
+ $content .= "<td valign='middle'><div id='wplc_custom_js_editor'></div><textarea name='wplc_custom_js' id='wplc_custom_js' style='display: none;' data-editor='javascript' rows='12'>".( stripslashes( $wplc_custom_js ))."</textarea></td>";
4874
  $content .= "</tr>";
4875
 
4876
  $content .= "</table>";
4892
  if( isset( $_POST['wplc_save_settings'] ) ){
4893
  if (current_user_can('manage_options')) {
4894
  if( isset( $_POST['wplc_custom_css'] ) ){
4895
+ update_option( "WPLC_CUSTOM_CSS", strip_tags($_POST['wplc_custom_css']) );
4896
  }
4897
 
4898
  if( isset( $_POST['wplc_custom_js'] ) ){
4899
+ update_option( "WPLC_CUSTOM_JS", strip_tags($_POST['wplc_custom_js']) );
4900
  }
4901
  }else {
4902
  wp_die(__("You do not have permission do perform this action", "wplivechat"));
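Review bot: The save path checks `current_user_can('manage_options')`, but no nonce verification is visible before the two `update_option()` calls. Because `WPLC_CUSTOM_JS` is printed on every front-end page, a forged POST from a logged-in administrator's browser would be enough to change it. A check such as `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );` ahead of the writes, using the settings form's own action name, closes that path. wplc_custom_scripts_save begins outside the hunk, so confirm whether such a check already exists above these lines. Note also that `strip_tags()` on JavaScript removes text after a bare `<` comparison, so legitimate scripts may be truncated on save.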
4918
  if( $wplc_custom_css ){
4919
  echo "<!-- WPLC Custom CSS -->";
4920
  echo "<style>";
4921
+ echo stripslashes( $wplc_custom_css );
4922
  echo "</style>";
4923
  }
4924
 
4925
  if( $wplc_custom_js ){
4926
  echo "<!-- WPLC Custom JS -->";
4927
  echo "<script>";
4928
+ echo stripslashes( $wplc_custom_js );
4929
  echo "</script>";
4930
  }
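Review bot: Dropping `strip_tags()` at output leaves the `<style>` and `<script>` blocks dependent on what was filtered when the option was saved, and the upgrade step in this release resets only `WPLC_CUSTOM_JS`. A `WPLC_CUSTOM_CSS` value written by an earlier version (saved through `nl2br()` with no tag stripping) is now echoed as stored, so a `</style>` sequence in it would end the block and the remainder would be parsed as HTML. Keeping the filter on the way out, `echo strip_tags( stripslashes( $wplc_custom_css ) );`, or resetting the CSS option in the same upgrade check, closes that gap. wplc_custom_scripts_frontend starts outside this hunk.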
4931
 
5060
 
5061
  ?>
5062
  <div class="notice notice-warning is-dismissible">
5063
+ <p><img src="<?php echo sanitize_text_field( plugins_url( 'images/wplc-logo.png', __FILE__ ) ); ?>" style="width:260px;height:auto;max-width:100%;"></p>
5064
+ <p><strong><?php _e( 'Browser notifications will no longer function on insecure (non-SSL) sites.', 'wplivechat' ); ?></strong></p>
5065
+ <p><?php _e( 'Please add an SSL certificate to your site to continue receiving chat notifications in your browser.', 'wplivechat' ); ?></p>
5066
+ <p><a href="?page=<?php echo sanitize_text_field( $_GET['page'] ); ?>&wplc_dismiss_notice_bn=true" id="wplc_dismiss_notice_bn" class="button"><?php _e( "Don't Show This Again", 'wplivechat' ); ?></a></p>
5067
  </div>
5068
  <?php
5069